Cryptographic methods, apparatus and systems for storage media electronic rights management in closed and connected appliances

ABSTRACT

A rights management arrangement for storage media such as optical digital video disks (DVDs, also called digital versatile disks) provides adequate copy protection in a limited, inexpensive mass-produceable, low-capability platform such as a dedicated home consumer disk player and also provides enhanced, more flexible security techniques and methods when the same media are used with platforms having higher security capabilities. A control object (or set) defines plural rights management rules for instance, price for performance or rules governing redistribution. Low capability platforms may enable only a subset of the control rules such as controls on copying or marking of played material. Higher capability platforms may enable all (or different subsets) of the rules. Cryptographically strong security is provided by encrypting at least some of the information carried by the media and enabling decryption based on the control set and/or other limitations. A secure “software container” can be used to protectively encapsulate (e.g., by cryptographic techniques) various digital property content (e.g., audio, video, game, etc.) and control object (i.e., set of rules) information. A standardized container format is provided for general use on/with various mediums and platforms. In addition, a special purpose container may be provided for DVD medium and appliances (e.g., recorders, players, etc.) that contains DVD program content (digital property) and DVD medium specific rules. The techniques, systems and methods disclosed herein are capable of achieving compatibility with other protection standards, such as for example, CGMA and Matsushita data protection standards adopted for DVDs. Cooperative rights management may also be provided, where plural networked rights management arrangements collectively control a rights management event on one or more of such arrangements.

[0001] PCT Application No. ______ filed ______, 1997 entitled “Steganographic Techniques For Securely Delivering Electronic Digital Rights Management Control Information Over Insecure Communications Channels,” which corresponds to U.S. patent application Ser. No. 08/689,606 of Van Wie and Weber filed on Aug. 12, 1996 (hereinafter “Van Wie and Weber”); and

[0002] PCT Application No. ______ filed ______, 1997 based on U.S. patent application Ser. No. 08/689,754 entitled “Systems and Methods Using Cryptography To Protect Secure Computing Environments,” of Sibert and Van Wie filed on Aug. 12, 1996 (hereinafter “Sibert and Van Wie”).

FIELD OF THE INVENTION

[0003] This invention relates to information protection techniques using cryptography, and more particularly to techniques using cryptography for managing rights to information stored on portable media—one example being optical media such as Digital Video Disks (also known as “Digital Versatile Disks” and/or “DVDs”). This invention also relates to information protection and rights management techniques having selectable applicability depending upon, for example, the resources of the device being used by the consumer (e.g., personal computer or standalone player), other attributes of the device (such as whether the device can be and/or typically is connected to an information network (“connected” versus “unconnected”)), and available rights. This invention further relates, in part, to cooperative rights management—where plural networked rights management arrangements collectively control a rights management event on one or more of such arrangements. Further, important aspects of this invention can be employed in rights management for electronic information made available through broadcast and/or network downloads and/or use of non-portable storage media, either independent of, or in combination with portable media.

BACKGROUND OF THE INVENTION

[0004] The entertainment industry has been transformed by the pervasiveness of home consumer electronic devices that can play video and/or audio from pre-recorded media. This transformation began in the early 1900s with the invention of the phonograph, which for the first time allowed a consumer to listen to his or her favorite band, orchestra or singer in his or her home whenever he or she wished. The availability of inexpensive video cassette recorders/players beginning in the early 1980s brought about a profound revolution in the movie and broadcast industries, creating an entirely new home consumer market for films, documentaries, music videos, exercise videos, etc.

[0005] The entertainment industry has long searched for optimal media for distributing content to home consumers. The original phonograph cylinders distributed by Thomas Edison and other phonograph pioneers had the advantage that they were difficult to copy, but suffered from various disadvantages such as high manufacturing costs, low resistance to breakage, very limited playback time, relatively low playback quality, and susceptibility to damage from wear, scratching or melting. Later-developed wax and vinyl disks could hold more music material but suffered from many of the same disadvantages. Magnetic tapes, on the other hand, could be manufactured very inexpensively and could hold a large amount of program material (e.g., 2, 4 or even 6 hours of video and/or audio). Such magnetic tapes could reproduce program material at relatively high quality, and were not as susceptible to damage or wearing out. However, despite the many clear advantages that magnetic tape provides over other media, the entertainment industry has never regarded it as an ideal or optimum medium because of its great susceptibility to copying.

[0006] Magnetic tape has the very flexible characteristic that it can be relatively easily recorded on. Indeed, the process for recording a magnetic tape is nearly as straightforward as that required for playing back pre-recorded content. Because of the relative ease by which magnetic tape can be recorded, home consumer magnetic tape equipment manufacturers have historically provided dual mode equipment that can both record and play back magnetic tapes. Thus, home audio and video tape players have traditionally had a “record” button that allows a consumer to record his or her own program material on a blank (un-recorded) magnetic tape. While this recording ability has given consumers additional flexibility (e.g., the ability to record a child's first words for posterity, and the ability to capture afternoon soap operas for evening viewing), it has unfortunately also been the foundation of an illegal multi-billion dollar content pirating industry that produces millions of illegal, counterfeit copies every year. This illegal pirating operation, which is international in scope, leeches huge amounts of revenue every year from the world's major entertainment content producers. The entertainment industry must pass along these losses to honest consumers, resulting in higher box office prices, and higher video and audio tape sales and rental prices.

[0007] In the mid 1980s, the audio entertainment industry developed the optical compact disk as an answer to some of these problems. The optical compact disk (a thin, silvery plastic platter a few inches in diameter) can hold an hour or more of music or other audio programming in digital form. Such disks were later also used for computer data. The disk can be manufactured very inexpensively, and provides extremely high quality playback that is resistant to noise because of the digital techniques used to record and recover the information. Because the optical disk can be made from plastic, it is light weight, virtually unbreakable, and highly resistant to damage from normal consumer handling (unlike the prior vinyl records that were easily scratched or worn down even by properly functioning phonographs). And, because recording on an optical disk is, so far, significantly more difficult than playing back an optical disk, home consumer equipment providing both recording and playback capabilities is unlikely, in the near future, to be as cost-effective as play-only equipment, greatly reducing the potential for illicit copying. Because of these overwhelming advantages, the music industry has rapidly embraced the new digital compact disk technology, virtually replacing older audio vinyl disk media within the space of a few short years.

[0008] Indeed, the threat of widespread and easy unauthorized copying in the absence of rights management technologies apparently has been an important contributing factor to the demise of digital audio tape (DAT) as a medium for music distribution and, more importantly, home audio recording. Rightsholders in recorded music vigorously opposed the widespread commercialization of inexpensive DAT technology that lacked rights management capabilities since the quality of the digital recording was completely faithful to the digital source on, for example, music CDs. Of course, the lack of rights management was not the only factor at work, since compared with optical media, tape format made random access difficult, for example, playing songs out of sequence.

[0009] The video entertainment industry is on the verge of a revolution similar to that wrought by music CDs based on movies in digital format distributed on high capacity read-only optical media. For example, digital optical disk technology has advanced to the point where it is now possible to digitally record, among other things, a full length motion picture (plus sound) on one side of a 5″ plastic optical disk. This same optical disk can accommodate multiple high-quality digital audio channels (e.g., to record multi-channel “sensurround” sound for home theaters and/or to record film dialog in multiple different languages on the same disk). This same technology makes it possible to access each individual frame or image of a movie for still image reproduction or—even more exciting—to provide an unprecedented “random access” playback capability that has never before existed in home consumer equipment. This “random access” playback could be used, for example, to delete violence, foul language or nudity at time of playback so that parents could select a “PG” playback version of an “R” rated film at the press of a button. The “random access” capability also has exciting possibilities in terms of allowing viewers to interact with the pre-recorded content (e.g., allowing a health enthusiast to select only those portions of an exercise video helpful to a particular day's workout). See, for example, “Applications Requirements for Innovative Video Programming,” DVD Conference Proceedings (Interactive Multimedia Association, Oct. 19-20, 1995, Sheraton Universal Hotel, Universal City, California).

[0010] Non-limiting examples of the DVD family of optical media include:

[0011] DVD (Digital Video Disk, Digital Versatile Disk), a non-limiting example of which includes consumer appliances that play movies recorded on DVD disks;

[0012] DVD-ROM (DVD-Read Only Memory), a non-limiting example of which includes a DVD read-only drive and disk connected to a computer or other appliance;

[0013] DVD-RAM (DVD Random Access Memory), a non-limiting example of which includes a read/write drive and optical media in, for example, consumer appliances for home recording and in a computer or other appliance for the broadest range of specific applications; and

[0014] Any other high capacity optical media presently known or unknown.

[0015] “DVDs” are, of course, not limited to use with movies. Like CDs, they may also be used for other kinds of information, for example:

[0016] sound recordings

[0017] software

[0018] databases

[0019] games

[0020] karaoke

[0021] multimedia

[0022] distance learning

[0023] documentation

[0024] policies and manuals

[0025] any kind of digital data or other information

[0026] any combination of kinds of digital data or other information

[0027] any other uses presently known or unknown.

[0028] The broad range of DVD uses presents a technical challenge: how can the information content distributed on such disks, which might be any kind or combination of video, sound, or other data or information broadly speaking, be adequately protected while preserving or even maximizing consumer flexibility? One widely proposed requirement for the new technology (mainly within the context of video) is, to the extent copying is permitted at all, to either: (a) allow a consumer to make a first generation copy of the program content for their own use, but prevent the consumer from making “copies of copies”, or multi-generational copies of a given property (thus keeping honest people honest); or (b) to allow unlimited copying for those properties that rightsholders do not wish to protect against copying, or which consumers have made themselves.

[0029] However, providing only such simplistic and limited copy protection in a non-extensible manner may turn out to be extremely shortsighted—since more sophisticated protection and/or rights management objectives (e.g., more robust and selective application of copy protection and other protection techniques, enablement of pay-per-view models, the ability of the consumer to make use of enhanced functionality such as extracting material or interactivity upon paying extra charges, and receiving credit for redistribution, to name a few) could be very useful now or in the future. Moreover, in optimally approaching protection and rights management objectives, it is extremely useful to take differing business opportunities and threats into account that may relate to information delivered via DVD media, for example, depending upon available resources of the device and/or whether the device is connected or unconnected.

[0030] More sophisticated rights management capabilities will also allow studios and others who have rights in movies and/or sound recordings to better manage these important assets, in one example, to allow authorized parties to repurpose pieces of digital film, video and/or audio, whether specific and/or arbitrary pieces, to create derivative works, multimedia games, in one non-limiting example. Solutions proposed to date for protecting DVD content have generally focused solely on limited copy protection objectives and have failed to adequately address or even recognize more sophisticated rights management objectives and requirements. More specifically, one copy protection scheme for the initial generation of DVD appliances and media is based on an encryption method developed initially by Matsushita and the simple CGMA control codes that indicate permitted copying: a one-generation copy, no copies, or unlimited copying.

SUMMARY OF THE INVENTIONS

[0031] Comprehensive solutions for protecting and managing information in systems that incorporate high capacity optical media such as DVD require, among other things, methods and systems that address two broad sets of problems: (a) digital to analog conversion (and vice versa); and (b) the use of such optical media in both connected and unconnected environments. The inventions disclosed herein address these and other problems. For example, in the context of analog to digital conversion (and vice versa), it is contemplated that, in accordance with the present inventions, at least some of the information used to protect properties and/or describe rights management and/or control information in digital form could also be carried along with the analog signal. Devices that convert from one format and/or medium to another can, for example, incorporate some or all of the control and identifying information in the new context(s), or at least not actively delete such information during the conversion process. In addition, the present inventions provide control, rights management and/or identification solutions for the digital realm generally, and also critically important technologies that can be implemented in consumer appliances, computers, and other devices. One objective of the inventions is to provide powerful rights management techniques that are useful in both the consumer electronics and computer technology markets, and that also enable future evolution of technical capabilities and business models. Another non-limiting objective is to provide a comprehensive control, rights management and/or identification solution that remains compatible, where possible, with existing industry standards for limited function copy protection and for encryption.

[0032] The present inventions provide rights management and protection techniques that fully satisfy the limited copy protection objectives currently being voiced by the entertainment industry for movies while also flexibly and extensibly accommodating a wide range of more sophisticated rights management options and capabilities.

[0033] Some important aspects of the present inventions (that are more fully discussed elsewhere in this application) include:

[0034] Selection of control information associated with information recorded on DVD media (for example, rules and usage consequence control information, that comprise non-limiting example elements of a Virtual Distribution Environment (VDE)) that is based at least in part on class of appliance, for example, type of appliance, available resources and/or rights;

[0035] Enabling such selected control information to be, at least in part, a subset of control information used on other appliances and/or classes of appliance, or completely different control information;

[0036] Protecting information output from a DVD device, such as applying rights management techniques disclosed in Ginter et al. and the present application to the signals transmitted using an IEEE 1394 port (or other serial interface) on a DVD player;

[0037] Creation of protected digital content based on an analog source;

[0038] Reflecting differing usage rights and/or content availability in different countries and/or regions of the world;

[0039] Securely managing information on DVD media such that certain portions may be used on one or more classes of appliance (e.g., a standalone DVD player), while other portions may be used on the same or different classes of appliance (e.g., a standalone DVD player or a PC);

[0040] Securely storing and/or transmitting information associated with payment, auditing, controlling and/or otherwise managing content recorded on DVD media, including techniques related to those disclosed in Ginter et al. and in Shear et al.;

[0041] Updating and/or replacing encryption keys used in the course of appliance operation to modify the scope of information that may be used by appliances and/or classes of appliances;

[0042] Protecting information throughout the creation, distribution, and usage process, for example, by initially protecting information collected by a digital camera, and continuing protection and rights management through the editing process, production, distribution, usage, and usage reporting.

[0043] Allowing “virtual rights machines,” consisting of multiple devices and/or other systems that participate and work together in a permanently or in a temporarily connected network to share some or all of the rights management for a single and/or multiple nodes including, for example, allowing resources available in plural such devices and/or other systems, and/or rights associated with plural parties and/or groups using and/or controlling such devices and/or other systems, to be employed in concert (according to rights related rules and controls) so as to govern one or more electronic events on any one or more of such devices and/or other systems, such event governance including, for example: viewing, editing, subsetting, anthologizing, printing, copying, titling, extracting, saving, and/or redistributing rights protected digital content.

[0044] Allowing for the exchange of rights among peer-to-peer relating devices and/or other systems, wherein such devices and/or other systems participate in a temporary or permanently connected network, and wherein such rights are bartered, sold for currency, and/or otherwise exchanged for value and/or consideration where such value and/or consideration is exchanged between such peer-to-peer participating commercial and/or consumer devices and/or other systems.

[0045] General Purpose DVD/Cost-effective Large Capacity Digital Media Rights Protection and Management

[0046] The inventions described herein can be used with any large capacity storage arrangement where cost-effective distribution media is used for commercial and/or consumer digital information delivery and DVD, as used herein, should be read to include any such system.

[0047] Copy protection and rights management are important in practical DVD systems and will continue to be important in other large capacity storage, playback, and recording systems, presently known or unknown, in the future. Protection is needed for some or all of the information delivered (or written) on most DVD media. Such protection against copying is only one aspect of rights management. Other aspects involve allowing rightsholders and others to manage their commercial interests (and to have them enforced, potentially at a distance in time and/or space) regardless of distribution media and/or channels, and the particular nature of the receiving appliance and/or device. Such rights management solutions that incorporate DVD will become even more significant as future generations of recordable DVD media and appliances come to market. Rightsholders will want to maintain and assert their rights as, for example, video, sound recordings, and other digital properties are transmitted from one device to another and as options for recording become available in the market.

[0048] The apparent convergence between consumer appliances and computers, increasing network and modem speeds, the declining cost of computer power and bandwidth, and the increasing capacity of optical media will combine to create a world of hybrid business models in which digital content of all kinds may be distributed on optical media played on at least occasionally connected appliances and/or computers, in which the one-time purchase models common in music CDs and initial DVD movie offerings are augmented by other models, for example, lease, pay per view, and rent to own, to name just a few. Consumers may be offered a choice among these and other models from the same or different distributors and/or other providers. Payment for use may happen over a network and/or other communications channel to some payment settlement service. Consumer usage and audit information may flow back to creators, distributors, and/or other participants. The elementary copy protection technologies for DVD now being introduced cannot support these and other sophisticated models.

[0049] As writable DVD appliances and media become available, additional hybrid models are possible, including, for example, the distribution of digital movies over satellite and cable systems. Having recorded a movie, a consumer may elect a lease, rental, pay-per-view, or other model if available. As digital television comes to market, the ability of writable DVDs to make faithful copies of on-air programming creates additional model possibilities and/or rights management requirements. Here too, simplistic copy protection mechanisms currently being deployed for the initial read-only DVD technologies will not suffice.

[0050] Encryption is a Means, Not an End

[0051] Encryption is useful in protecting intellectual properties in digital format, whether on optical media such as DVD, on magnetic media such as disk drives, in the active memory of a digital device and/or while being transmitted across computer, cable, satellite, and other kinds of networks or transmission means. Historically, encryption was used to send secret messages. With respect to DVD, a key purpose of encryption is to require the use of a copy control and rights management system in order to ensure that only those authorized to do so by rightsholders can indeed use the content.

[0052] But encryption is more of a means, rather than an end. A central issue is how to devise methods for ensuring, to the maximal extent possible, that only authorized devices and parties can decrypt the protected content and/or otherwise use information only to the extent permitted by the rightsholder(s) and/or other relevant parties in the protected content.

[0053] The Present Inventions

[0054] The present inventions provide powerful rights management capabilities. In accordance with one aspect provided by the present invention, encrypted digital properties can be put on a DVD in a tamper-resistant software “container” such as, for example, a “DigiBox” secure container, together with rules about “no copy” and/or “copy” and/or “numbers of permitted copies” that may apply and be enforced by consumer appliances. These same rules, and/or more flexible and/or different rules, can be enforced by computer devices or other systems that may provide more and/or different capabilities (e.g., editing, excerpting, one or more payment methods, increased storage capability for more detailed audit information, etc.). In addition, the “software container” such as for example, a “DigiBox” secure container, can store certain content in the “clear” (that is, in unencrypted form). For example, movie or music titles, copyright statements, audio samples, trailers, and/or advertising can be stored in the clear and/or could be displayed by any appropriate application or device. Such information could be protected for authenticity (integrity) when available for viewing, copying, and/or other activities. At the same time, valuable digital properties of all kinds (film, video, image, text, software, and multimedia) may be stored at least partially encrypted to be used only by authorized devices and/or applications and only under permitted, for example rightsholder-approved, circumstances.

[0055] Another aspect provided in accordance with the present invention (in combination with certain capabilities disclosed in Ginter et al.) is that multiple sets of rules could be stored in the same “container” on a DVD disk. The software then applies rules depending on whether the movie, for example, was to be played by a consumer appliance or computer, whether the particular apparatus has a backchannel (e.g., an on-line connection), the national and/or other legal or geographic region in which the player is located and/or the movie is being displayed, and/or whether the apparatus has components capable of identifying and applying such rules. For example, some usage rules may apply when information is played by a consumer device, while other rules may apply when played by a computer. The choice of rules may be left up to the rightsholder(s) and/or other participants—or some rules may be predetermined (e.g., based on the particular environment or application). For example, film rightsholders may wish to limit copying and ensure that excerpts are not made regardless of the context in which the property is played. This limitation might be applied only in certain legal or geographic areas. Alternatively, rightsholders of sound recordings may wish to enable excerpts of predetermined duration (e.g., no more than 20 seconds) and that these excerpts are not used to construct a new commercial work. In some cases, governments may require that only “PG” versions of movies and/or the equivalent rating for TV programs may be played on equipment deployed in their jurisdiction, and/or that the applicable taxes, fees and the like are automatically calculated and/or collected if payments related to content recorded on DVD are requested and/or performed (e.g., pay-per-use of a movie, game, database, software product, etc.; and/or orders from a catalog stored at least in part on DVD media, etc.).

[0056] In a microprocessor controlled (or augmented) digital consumer appliance, such rules contemplated by the present inventions can be enforced, for example, without requiring more than a relatively few additions to a central, controlling microprocessor (or other CPU, an IEEE 1394 port controller, or other content handling control circuitry), and/or making available some ROM or flash memory to hold the necessary software. In addition, each ROM (or flash or other memory, which such memory may be securely connected to, or incorporated into, such control circuitry in a single, manufactured component) can, in one example, contain one or more digital documents or “certificate(s)” that uniquely identifies a particular appliance, individual identity, jurisdiction, appliance class(es), and/or other chosen parameters. An appliance can, for example, be programmed to send a copy of a digital property to another digital device only in encrypted form and only inside a new, tamper-resistant “software container.” The container may also, for example, carry with it a code indicating that it is a copy rather than an original that is being sent. The device may also put a unique identifier of a receiving device and/or class of devices in the same secure container. Consequently, for example, in one particular arrangement, the copy may be playable only on the intended receiving device, class(es) of devices, and/or devices in a particular region in one non-limiting example and rights related to use of such copy may differ according to these and/or other variables.

[0057] The receiving device, upon detecting that the digital property is indeed a copy, can, for example, be programmed not to make any additional copies that can be played on a consumer device and/or other class(es) of devices. If a device detects that a digital property is about to be played on a device and/or other class(es) of devices other than the one it was intended for, it can be programmed to refuse to play that copy (if desired).

[0058] The same restrictions applied in a consumer appliance can, for example, be enforced on a computer equipped to provide rights management protection in accordance with the present inventions. In this example, rules may specify not to play a certain film and/or other content on any device other than a consumer appliance and/or classes of appliances, for example. Alternatively, these same powerful capabilities could be used to specify different usage rules and payment schemes that would apply when played on a computer (and/or in other appliances and/or classes of appliances), as the rightsholder(s) may desire, for example, different pricing based upon different geographic or legal locales where content is played.
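The rule selection and copy handling described in paragraphs [0055] to [0058], as an added example that is not code from this application: a container holds one rule set per appliance class plus a copy marker and a bound receiver, and a device checks them before acting. The class names, field names, and the HMAC tag under a shared demo key are assumptions standing in for the container's unspecified tamper resistance.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from typing import Optional

# Assumption: an HMAC under a shared demo key stands in for the container's
# tamper resistance; the text does not specify the mechanism.
DEMO_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class Appliance:
    device_id: str
    device_class: str   # hypothetical class names: "consumer_player", "computer"
    region: str


@dataclass(frozen=True)
class Container:
    title: str                          # metadata kept in the clear
    rule_sets: dict                     # device_class -> {action: allowed}
    regions: tuple                      # regions where use is permitted
    is_copy: bool = False               # marks a copy rather than an original
    bound_device: Optional[str] = None  # receiver the copy was made for
    tag: str = ""                       # integrity tag over all control fields


def _tag(c: Container, key: bytes) -> str:
    body = {"title": c.title, "rule_sets": c.rule_sets,
            "regions": list(c.regions), "is_copy": c.is_copy,
            "bound_device": c.bound_device}
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(c: Container, key: bytes = DEMO_KEY) -> Container:
    """Return the container with a fresh integrity tag."""
    return replace(c, tag=_tag(c, key))


def authorize(c: Container, dev: Appliance, action: str,
              key: bytes = DEMO_KEY) -> tuple:
    """Decide whether `dev` may perform `action`; returns (allowed, reason)."""
    # Verify integrity first, so a flipped copy marker is never trusted.
    if not hmac.compare_digest(_tag(c, key), c.tag):
        return False, "control information failed integrity check"
    if dev.region not in c.regions:
        return False, "region not permitted"
    if c.bound_device is not None and c.bound_device != dev.device_id:
        return False, "copy is bound to a different device"
    rules = c.rule_sets.get(dev.device_class)
    if rules is None:
        return False, "no rule set for this appliance class"
    if c.is_copy and action == "copy":
        return False, "copies of copies are not permitted"
    if not rules.get(action, False):
        return False, f"'{action}' not enabled for {dev.device_class}"
    return True, "permitted"


def make_copy(c: Container, source: Appliance, receiver: Appliance,
              key: bytes = DEMO_KEY) -> Container:
    """Create a new sealed container marked as a copy for `receiver`."""
    ok, reason = authorize(c, source, "copy", key)
    if not ok:
        raise PermissionError(reason)
    return seal(replace(c, is_copy=True, bound_device=receiver.device_id), key)


# Constructed sample data: the player class gets a subset of the computer rules.
ORIGINAL = seal(Container(
    title="Constructed Sample Film",
    rule_sets={"consumer_player": {"play": True, "copy": True},
               "computer": {"play": True, "copy": True, "excerpt": True}},
    regions=("region-A",),
))
BOB_PLAYER = Appliance("player-bob", "consumer_player", "region-A")
JEN_PC = Appliance("pc-jennifer", "computer", "region-A")

if __name__ == "__main__":
    copy = make_copy(ORIGINAL, BOB_PLAYER, BOB_PLAYER)
    for dev, action in [(BOB_PLAYER, "play"), (BOB_PLAYER, "copy"),
                        (JEN_PC, "play")]:
        print(dev.device_id, action, authorize(copy, dev, action))
```

Checking the integrity tag before reading any flag is what gives the copy marker and the bound receiver their meaning; in a real device the key would need to sit in tamper-resistant storage.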

[0059] In addition, if “backchannels” are present (for example, settop boxes with bi-directional communications or computers attached to networks), the present inventions contemplate electronic, independent delivery of new rules if desired or required for a given property. These new rules may, for example, specify discounts, time-limited sales, advertising subsidies, and/or other information if desired. As noted earlier, determination of these independently delivered rules is entirely up to the rightsholder(s) and/or others in a given model.

[0060] The following are two specific examples of a few aspects of the present invention discussed above:

[0061] 1. An Analog to Digital Copying Example

[0062] a) Bob has a VHS tape he bought (or rented) and wants to make a copy for his own use. The analog film has copy control codes embedded so that they do not interfere with the quality of the signal. Bob has a writable DVD appliance that is equipped to provide rights management protection in accordance with the present invention. Bob's DVD recorder detects the control codes embedded in the analog signal (for example, such recorder may detect watermarks and/or fingerprints carrying rights related control and/or usage information), creates a new secure container to hold the content rules and describe the encoded film, and creates new control rules (and/or delivers to a secure VDE system for storage and reporting certain usage history related information such as user name, time, etc.) based on the analog control codes and/or other information it detected and that are then placed in the DigiBox and/or into a secure VDE installation data store such as a secure data base. Bob can play that copy back on his DVD appliance whenever he chooses.

[0063] b) Bob gives the DVD disk he recorded to Jennifer who wishes to play it on a computer that has a DVD drive. Her computer is equipped to provide rights management protection in accordance with the present invention. Her computer opens the “DigiBox,” detects that this copy is being used on a device different from the one that recorded it (an unauthorized device) and refuses to play the copy.

[0064] c) Bob gives the DVD disk to Jennifer as before, but now Jennifer contacts electronically a source of new rules and usage consequences, which might be the studio, a distributor, and/or a rights and permissions clearinghouse, (or she may have sufficient rights already on her player to play the copy). The source sends a DigiBox container to Jennifer with rules and consequences that permit playing the movie on her computer while at the same time charging her for use, even though the movie was recorded on DVD by Bob rather than by the studio or other value chain participant.

[0065] 2. A Digital to Analog Copying Example

[0066] a) Jennifer comes home from work, inserts a rented or owned DVD into a player connected to, or an integral part of her TV, and plays the disk. In a completely transparent way, the film is decrypted, the format is converted from digital to analog, and displayed on her analog TV.

[0067] b) Jennifer wishes to make a copy for her own use. She plays the film on a DVD device incorporating rights management protection in accordance with the present invention, that opens the DigiBox secure container, accesses the control information, and decrypts the film. She records the analog version on her VCR which records a high-quality copy.

[0068] c) Jennifer gives the VCR copy to Doug who wishes to make a copy of the analog tape for his own use, but the analog control information forces the recording VCR to make a lower-quality copy, or may prevent copying. In another non-limiting example, more comprehensive rights management information may be encoded in the analog output using the methods and/or systems described in more detail in the above referenced Van Wie and Weber patent application.

[0069] In accordance with one aspect provided by this invention, the same portable storage medium, such as a DVD, can be used with a range of different, scaled protection environments providing different protection capabilities. Each of the different environments may be enabled to use the information carried by the portable storage medium based on rights management techniques and/or capabilities supported by the particular environment. For example, a simple, inexpensive home consumer disk player may support copy protection and ignore more sophisticated and complex content rights the player is not equipped to enable. A more technically capable and/or secure platform (e.g., a personal computer incorporating a secure processing component possibly supported by a network connection, or a “smarter” appliance or device) may, for example, use the same portable storage medium and provide enhanced usage rights related to use of the content carried by the medium based on more complicated rights management techniques (e.g., requiring payment of additional compensation, providing secure extraction of selected content portions for excerpting or anthologizing, etc.). For example, a control set associated with the portable storage medium may accommodate a wide variety of different usage capabilities, with the more advanced or sophisticated uses requiring correspondingly more advanced protection and rights management enablement found on some platforms and not others. Lower-capability environments can, as another example, ignore (or not enable or attempt to use) rights in the control set that they don't understand, while higher-capability environments (having awareness of the overall capabilities they provide), may, for example, enable the rights and corresponding protection techniques ignored by the lower-capability environments.

[0070] In accordance with another aspect provided by the invention, a media- and platform-independent security component can be scaled in terms of functionality and performance such that the elementary rights management requirements of consumer electronics devices are subsets of a richer collection of functionality that may be employed by more advanced platforms. The security component can be either a physical, hardware component, or a “software emulation” of the component. In accordance with this feature, an instance of medium (or more correctly, one version of the content irrespective of media) can be delivered to customers independently of their appliance or platform type with the assurance that the content will be protected. Platforms less advanced in terms of security and/or technical capabilities may provide only limited rights to use the content, whereas more advanced platforms may provide more expansive rights based on correspondingly appropriate security conditions and safeguards.

[0071] In accordance with a further aspect provided by the present invention, mass-produced, inexpensive home consumer DVD players (such as those constructed, for example, with minimum complexity and parts count) can be made to be compatible with the same DVDs or other portable storage media used by more powerful and/or secure platforms (such as, for example, personal computers) without degrading advanced rights management functions the storage media may provide in combination with the more powerful and/or secure platforms. The rights management and protection arrangement provided and supported in accordance with this aspect of the invention thus supports inexpensive basic copy protection and can further serve as a commercial convergence technology supporting a bridging that allows usage in accordance with rights of the same content by a limited resource consumer device while adequately protecting the content and further supporting more sophisticated security levels and capabilities by (a) devices having greater resources for secure rights management, and/or (b) devices having connectivity with other devices or systems that can supply further secure rights management resources. This aspect of the invention allows multiple devices and/or other systems that participate and work together in a permanently or temporarily connected network to share the rights management for at least one or more electronic events (e.g., managed through the use of protected processing environments such as described in Ginter et al.) occurring at a single, or across multiple nodes and further allows the rights associated with parties and/or groups using and/or controlling such multiple devices and/or other systems to be employed according to underlying rights related rules and controls, this allowing, for example, rights available through a corporate executive's device to be combined with or substitute for, in some manner, the rights of one or more subordinate corporate employees when their computing or other devices of these parties are coupled in a temporary networking relationship and operating in the appropriate context. In general, this aspect of the invention allows distributed rights management for DVD or otherwise packaged and delivered content that is protected by a distributed, peer-to-peer rights management. Such distributed rights management can operate whether the DVD appliance or other electronic information usage device is participating in a permanently or temporarily connected network and whether or not the relationships among the devices and/or other systems participating in the distributed rights management arrangement are relating temporarily or have a more permanent operating relationship. In this way, the same device may have different rights available depending on the context in which that device is operating (e.g., in a corporate environment such as in collaboration with other individuals and/or with groups, in a home environment internally and/or in collaboration with external one or more specified individuals and/or other parties, in a retail environment, in a classroom setting as a student where a student's notebook might cooperate in rights management with a classroom server and/or instructor PC, in a library environment where multiple parties are collaboratively employing differing rights to use research materials, on a factory floor where a hand held device works in collaboration with control equipment to securely and appropriately perform proprietary functions, and so on).

[0072] For example, coupling a limited resource device arrangement, such as a DVD appliance, with an inexpensive network computer (NC), or a personal computer (PC), may allow an augmenting (or replacing) of rights management capabilities and/or specific rights of parties and/or devices by permitting rights management to be a result of a combination of some or all of the rights and/or rights management capabilities of the DVD appliance and those of a Network or Personal Computer (NC or PC). Such rights may be further augmented, or otherwise modified or replaced by the availability of rights management capabilities provided by a trusted (secure) remote network rights authority.

[0073] These aspects of the present invention can allow the same device, in this example a DVD appliance, to support different arrays, e.g., degrees, of rights management capabilities, in disconnected and connected arrangements and may further allow available rights to result from the availability of rights and/or rights management capabilities resulting from the combination of rights management devices and/or other systems. This may include one or more combinations of some or all of the rights available through the use of a “less” secure and/or resource poor device or system which are augmented, replaced, or otherwise modified through connection with a device or system that is “more” or “differently” secure and/or resource rich and/or possesses differing or different rights, wherein such connection employs rights and/or management capabilities of either and/or both devices as defined by rights related rules and controls that describe a shared rights management arrangement.

[0074] In the latter case, connectivity to a logically and/or physically remote rights management capability can expand (by, for example, increasing the available secure rights management resources) and/or change the character of the rights available to the user of the DVD appliance or a DVD appliance when such device is coupled with an NC, personal computer, local server, and/or remote rights authority. In this rights augmentation scenario, additional content portions may be available, pricing may change, redistribution rights may change (e.g., be expanded), content extraction rights may be increased, etc.

[0075] Such “networking rights management” can allow for a combination of rights management resources of plural devices and/or other systems in diverse logical and/or physical relationships, resulting in either greater or differing rights through the enhanced resources provided by connectivity with one or more “remote” rights authorities. Further, while providing for increased and/or differing rights management capability and/or rights, such a connectivity based rights management arrangement can support multi-locational content availability, by providing for seamless integration of remotely available content, for example, content stored in remote, Internet world wide web-based, database supported content repositories, with locally available content on one or more DVD discs.

[0076] In this instance, a user may experience not only increased or differing rights but may use both local DVD content and supplementing content (i.e., content that is more current from a time standpoint, more costly, more diverse, or complementary in some other fashion, etc.). In such an instance, a DVD appliance and/or a user of a DVD appliance (or other device or system connected to such appliance) may have the same rights, differing, and/or different rights applied to locally and remotely available content, and portions of local and remotely available content may themselves be subject to differing or different rights when used by a user and/or appliance. This arrangement can support an overall, profound increase in user content opportunities that are seamlessly integrated and efficiently available to users in a single content searching and/or usage activity by exploiting the rights management and content resources of plural, connected arrangements.

[0077] Such a rights augmenting remote authority may be directly coupled to a DVD appliance and/or other device by modem, or directly or indirectly coupled through the use of an I/O interface, such as a serial 1394 compatible controller (e.g., by communicating between a 1394 enabled DVD appliance and a local personal computer that functions as a smart synchronous or asynchronous information communications interface to such one or more remote authorities, including a local PC or NC or server that serves as a local rights management authority augmenting and/or supplying the rights management in a DVD appliance).

[0078] In accordance with yet another aspect provided by this invention, rights provided to, purchased, or otherwise acquired by a participant and/or participant DVD appliance or other system can be exchanged among such peer-to-peer relating devices and/or other systems through the use of one or more permanently or temporarily networked arrangements. In such a case, rights may be bartered, sold, for currency, otherwise exchanged for value, and/or loaned so long as such devices and/or other systems participate in a rights management system, for example, such as the Virtual Distribution Environment described in Ginter, et al., and employ rights transfer and other rights management capabilities described therein. For example, this aspect of the present invention allows parties to exchange games or movies in which they have purchased rights. Continuing the example, an individual might buy some of a neighbor's usage rights to watch a movie, or transfer to another party credit received from a game publisher for the successful superdistribution of the game to several acquaintances, where such credit is transferred (exchanged) to a friend to buy some of the friend's rights to play a different game a certain number of times, etc.

In accordance with yet another aspect provided by this invention, content carried by a portable storage medium such as a DVD is associated with one or more encryption keys and a secure content identifier. The content itself (or information required to use the content) is at least partially cryptographically encrypted, with associated decryption keys being required to decrypt the content before the content can be used. The decryption keys may themselves be encrypted in the form of an encrypted key block. Different key management and access techniques may be used, depending on the platform.

[0079] In accordance with still yet another aspect provided by this invention, electronic appliances that “create” digital content (or even analog content)—e.g., a digital camera/video recorder or audio recorder—can be readily equipped with appropriate hardware and/or software so as to produce content that is provided within a secure container at the outset. For example, content recorded by a digital camera could be immediately packaged in a secure container by the camera as it is recording. The camera could then output content already packaged in a secure container(s). This could preclude the need to encapsulate the content at a later point in time or at a later production stage, thus, saving at least one production-process step in the overall implementation of electronic rights management in accordance with the present invention. Moreover, it is contemplated that the very process of “reading” content for use in the rights management environment might occur at many steps along a conventional production and distribution process (such as during editing and/or the so called “pressing” of a master DVD or audio disk, for example). Accordingly, another significant advantage of the present invention is that rights management of content essentially can be extended throughout and across each appropriate content creation, editing, distribution, and usage stages to provide a seamless content protection architecture that protects rights throughout an entire content life cycle.

[0080] In one example embodiment, the storage medium itself carries key block decryption key(s) in a hidden portion of the storage medium not normally accessible through typical access and/or copying techniques. This hidden key may be used by a drive to decrypt the encrypted key block—such decrypted key block then being used to selectively decrypt content and related information carried by the medium. The drive may be designed in a secure and tamper-resistant manner so that the hidden keys are never exposed outside of the drive to provide an additional security layer.

[0081] In accordance with another example embodiment, a video disk drive may store and maintain keys used to decrypt an encrypted key block. The key block decryption keys may be stored in a drive key store, and may be updatable if the video disk drive may at least occasionally use a communications path provided, for example, by a set top box, network port or other communications route.

[0082] In accordance with a further example embodiment, a virtual distribution environment secure node including a protected processing environment such as a hardware-based secure processing unit may control the use of content carried by a portable storage medium such as a digital video disk in accordance with control rules and methods specified by one or more secure containers delivered to the secure node on the medium itself and/or over an independent communications path such as a network.

[0083] Certain conventional copy protection for DVD currently envisions CGMA copy protection control codes combined with certain encryption techniques first proposed apparently by Matsushita Corporation. Notwithstanding the limited benefits of this approach to digital property protection, the present invention is capable of providing a supplementary, compatible, and far more comprehensive rights management system while also providing additional and/or different options and solutions. The following are some additional examples of advantageous features provided in accordance with the inventions:

[0084] Strong security to fully answer content supplier needs.

[0085] Value chain management automation and efficiencies including distributed rights protection, “piece of the tick” payment disaggregation to value chain participants, cost-effective micro-transaction management, and superdistribution, including offline micropayment and microtransaction support for at least occasionally connected devices.

[0086] Simplified, more efficient channel management including support for the use of the same content deliverable on limited resource, greater resource, standalone, and/or connected devices.

[0087] Can be used with any medium and application type and/or all forms of content and content models—not just compressed video and sound as in some prior techniques and supports the use of copies of the same or materially the same content containers across a wide variety of media delivery systems (e.g., broadcast, Internet repository, optical disc, etc.) for operation on a wide variety of different electronic appliances (e.g., digital cameras, digital editing equipment, sound recorders, sound editing equipment, movie theater projectors, DVD appliances, broadcast tape players, personal computers, smart televisions, etc.).

[0088] Asset management and revenue and/or other consideration maximizing through important new content revenue and/or other consideration opportunities and the enhancement of value chain operating efficiencies.

[0089] Is capable of providing 100% compatibility with the other protection techniques such as, for example, CGMA protection codes and/or Matsushita data scrambling approaches to DVD copy protection.

[0090] Can be employed with a variety of existing data scrambling or protection systems to provide very high degrees of compatibility and/or level of functionality.

[0091] Allows DVD technology to become a reusable, programmable, resource for an unlimited variety of entertainment, information commerce, and cyberspace business models.

[0092] Enables DVD drive and/or semiconductor component manufacturers and/or distributors and/or other value adding participants to become providers of, and rights holders in, the physical infrastructure of the emerging, connected world of the Internet and Intranets where they may charge for the use of a portion (e.g., a portion they provided) of the distributed, physical infrastructure as that portion participates in commercial networks. Such manufacturers and/or distributors and/or other value adding participants can enjoy the revenue benefits resulting from participation in a “piece of the tick” by receiving a small portion of the revenue received as a result of a participating transaction.

[0093] Provides automated internationalization, regionalization, and rights management in that:

[0094] DVD content can be supplied with arrays of different rule sets for automatic use depending on rights and identity of the user; and

[0095] Societal rights, including taxes, can be handled transparently.

[0096] In addition, the DVD rights management method and apparatus of the present invention provides added benefits to media recorders/publishers in that it:

[0097] Works with a current “keep honest people honest” philosophy.

[0098] Can provide 100% compatibility with other protection schemes such as for example, Matsushita data scrambling and/or CGMA encoded discs.

[0099] Can work with and/or supplement other protection schemes to provide desired degree and/or functionality, or can be used in addition to or instead of other approaches to provide additional and/or different functionality and features.

[0100] Provides powerful, extensible rights management that reaches beyond limited copy protection models to rights management for the digitally convergent world.

[0101] Empowers recording/publishing studios to create sophisticated asset management tools.

[0102] Creates important business opportunities through controlled use of studio properties in additional multimedia contexts.

[0103] Uniquely ties internationalization, regionalization, superdistribution, repurposing, to content creation processes and/or usage control.

[0104] Other aspects of the present invention provide benefits to other types of rightsholders, such as for example:

[0105] Persistent, transparent protection of digital content—globally, through value chain and process layers.

[0106] Significant reduction in revenue loss from copying and pass-along.

[0107] Converts “pass-along,” copying, and many forms of copyright infringement from a strategic business threat to a fundamental business opportunity.

[0108] A single standard for all digital content regardless of media and/or usage locality and other rights variables.

[0109] Major economies of scale and/or scope across industries, distribution channels, media, and content type.

[0110] Can support local usage governance and auditing within DVD players allowing for highly efficient micro-transaction support, including multiparty microtransactions and transparent multiparty microtransactions.

[0111] Empowers rightsholders to employ the broadest range of pricing, business models, and market strategies—as they see fit.

[0112] Further aspects of the present invention which may prove beneficial to DVD and other digital medium appliance manufacturers are:

[0113] Capable of providing bit for bit compatibility with existing discs.

[0114] Content type independent.

[0115] Media independent and programmable/reusable.

[0116] Highly portable transition to next generation of appliances having higher density devices and/or a writable DVD and/or other optical media format(s).

[0117] Participation in revenue flow generated using the appliance.

[0118] Single extensible standard for all digital content appliances.

[0119] Ready for the future “convergent” world in which many appliances are connected in the home using, as one example, IEEE 1394 interfaces or other means (e.g., some appliances will be very much like computers and some computers will be very much like appliances).

[0120] Aspects of the present inventions provide many benefits to computer and OS manufacturers such as for example:

[0121] Implementation in computers as an extension to the operating system, via for example, at least one transparent plug-in, and does not require modifications to computer hardware and/or operating systems.

[0122] Easy, seamless integration into operating systems and into applications.

[0123] Extremely strong security, especially when augmented with “secure silicon” (i.e., hardware/firmware protection apparatus fabricated on chip).

[0124] Transforms user devices into true electronic commerce appliances.

[0125] Provides a platform for trusted, secure rights management and event processing.

[0126] Programmable for customization to specialized requirements.

[0127] Additional features and advantages provided in accordance with the inventions include, for example:

[0128] Information on the medium (for example, both properties and metadata) may be encrypted or not.

[0129] Different information (for example, properties, metadata) may be encrypted using different keys. This provides greater protection against compromise, as well as supporting selective usage rights in the context of a sophisticated rights management system.

[0130] There may be encrypted keys stored on the medium, although this is not required. These keys may be used to decrypt the protected properties and metadata. Encrypted keys are likely to be used because that allows more keying material for the information itself, while still keeping access under control of a single key.

[0131] Multiple sets of encrypted keys may be stored on the medium, either to have different sets of keys associated with different information, or to allow multiple control regimes to use the same information, where each control regime may use one or more different keys to decrypt the set of encrypted keys that it uses.

[0132] To support the ability of the player to access rights managed containers and/or content, a decryption key for the encrypted keys may be hidden on the medium in one or more locations that are not normally accessible. The “not normally accessible” location(s) may be physically enabled for drives installed in players, and disabled for drives installed in computers. The enablement may be different firmware, a jumper on the drive, etc.

[0133] The ability of the player to access rights managed containers and/or content may also be supported by one or more stored keys inside the player that decrypts certain encrypted keys on the medium.

[0134] Keys in a player may allow some players to play different properties than others. Keys could be added to, and/or deleted from the player by a network connection (e.g., to a PC, a cable system, and/or a modem connection to a source of new and/or additional keys and/or key revocation information) or automatically loaded by “playing” a key distribution DVD.

[0135] Controlling computer use may be supported by some or all of the same techniques that control player use of content and/or rights management information.

[0136] Controlling computer use of content and/or rights management information may be supported by having a computer receive, through means of a trusted rights management system, one or more appropriate keys.

[0137] A computer may receive additional keys that permit decryption of certain encrypted keys on the medium.

[0138] A computer may receive additional keys that permit decryption of one or more portions of encrypted data directly. This may permit selective use of information on the medium without disclosing keys (e.g., a player key that decrypts any encrypted keys).
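The key hierarchy of paragraphs [0080] and [0128] through [0138], sketched as an added example that is not part of the patent text: each item on the medium gets its own content key, and each control regime gets its own set of encrypted keys, so a computer regime can open the metadata without ever holding the player key. The patent names no cipher, so the authenticated cipher below is a stand-in built from HMAC-SHA256; the regime names, item names and function names are assumptions.

```python
import hashlib
import hmac
import os
import struct

# Stand-in authenticated cipher (assumption, not the patent's): HMAC-SHA256 in
# counter mode as keystream, plus an HMAC tag. A real design would use a vetted AEAD.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _tag(key: bytes, aad: bytes, nonce: bytes, ct: bytes) -> bytes:
    # The length prefix keeps the (aad, nonce, ciphertext) encoding unambiguous.
    msg = struct.pack(">I", len(aad)) + aad + nonce + ct
    return hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()

def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _tag(key, aad, nonce, ct)

def open_sealed(key: bytes, blob: bytes, aad: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, aad, nonce, ct)):
        raise ValueError("authentication failed: wrong key or modified data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def master_disc(items: dict) -> tuple:
    """Encrypt each item under its own content key ([0129])."""
    content_keys = {name: os.urandom(32) for name in items}
    encrypted = {name: seal(content_keys[name], data, name.encode())
                 for name, data in items.items()}
    return content_keys, encrypted

def build_key_block(regime_key: bytes, content_keys: dict, names: list) -> dict:
    """One set of encrypted keys ([0130]-[0131]): only the listed content keys,
    each wrapped under this regime's key and bound to its item name."""
    return {name: seal(regime_key, content_keys[name], b"keyblock:" + name.encode())
            for name in names}

def read_item(disc: dict, regime: str, regime_key: bytes, name: str) -> bytes:
    """Unwrap the content key from the regime's key block, then decrypt the item."""
    key_block = disc["key_blocks"][regime]
    if name not in key_block:
        raise PermissionError(f"regime {regime!r} holds no key for {name!r}")
    content_key = open_sealed(regime_key, key_block[name], b"keyblock:" + name.encode())
    return open_sealed(content_key, disc["encrypted"][name], name.encode())

def build_demo_disc() -> tuple:
    # Constructed sample content; both regime keys are generated here for the demo.
    items = {"film": b"constructed film bytes",
             "metadata": b"constructed title and credits"}
    content_keys, encrypted = master_disc(items)
    player_key = os.urandom(32)    # hidden on the medium or held in the player ([0132]-[0133])
    computer_key = os.urandom(32)  # delivered through the rights management system ([0136])
    disc = {"encrypted": encrypted, "key_blocks": {
        "player": build_key_block(player_key, content_keys, ["film", "metadata"]),
        "computer": build_key_block(computer_key, content_keys, ["metadata"]),
    }}
    return disc, player_key, computer_key

if __name__ == "__main__":
    disc, player_key, computer_key = build_demo_disc()
    print(read_item(disc, "player", player_key, "film"))
    print(read_item(disc, "computer", computer_key, "metadata"))
```

Binding each wrapped key to its item name means a wrapped metadata key copied into the film slot fails authentication instead of silently unwrapping.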

[0139] In accordance with further aspects provided by the present invention, a secure “software container” is provided that allows:

[0140] Cryptographically protected encapsulation of content, rights rules, and usage controls.

[0141] Persistent protection for transport, storage, and value chain management.

[0142] Sophisticated rules interface architecture.

[0143] Elements can be delivered independently, such as new controls, for example, regarding discount pricing (e.g. sale pricing, specific customer or group discounts, pricing based on usage patterns, etc.) and/or other business model changes, can be delivered after the property has been distributed (this is especially beneficial for large properties or physical distribution media (e.g., DVD, CD-ROM) since redistribution costs may be avoided and consumers may continue to use their libraries of discs). In addition, encrypted data can be located “outside” the container. This can allow, for example, use of data stored independently from the controls and supports “streaming” content as well as “legacy” systems (e.g., CGMS).

BRIEF DESCRIPTION OF THE DRAWINGS

[0144] These and other features and advantages provided in accordance with these inventions may be better and more completely understood by referring to the following detailed description of presently preferred examples in conjunction with the drawings, of which:

[0145] FIG. 1A shows example home consumer electronics equipment for using portable storage media such as digital video disks;

[0146] FIG. 1B shows example secure node equipment for using the same portable storage media but providing more advanced rights management capabilities;

[0147] FIG. 1C shows an example process for manufacturing protected optical disks;

[0148] FIG. 2A shows an example architecture of the FIG. 1A consumer electronics equipment;

[0149] FIG. 2B shows an example architecture for the FIG. 1B secure node equipment;

[0150] FIG. 3 shows example data structures used by the FIG. 1A equipment;

[0151] FIGS. 3A and 3B show example control set definitions;

[0152] FIGS. 4A and 4B show example usage techniques provided by the FIG. 1A appliance;

[0153] FIG. 5 shows example data structures used by the FIG. 1B secure node for accessing information on the storage medium;

[0154] FIG. 6 shows an example usage technique performed by the FIG. 1B secure node;

[0155] FIG. 7 is a block diagram illustrating an example of a special secure software container contained on a DVD;

[0156] FIG. 8 is a block diagram illustrating an example of a secure container along with the video property content stored on a DVD medium;

[0157] FIG. 9 is a block diagram illustrating another example of a standard container stored on a DVD medium including an additional container having a more complex rule arrangement for use, for example, with a secure node;

[0158] FIG. 10 shows an example use of a DVD having a container (i.e., stored on the medium) with a DVD player provided with a secure rights management node, and also shows use of the same DVD with a DVD player that does not have a secure rights management node;

[0159] FIG. 11 is a block diagram illustrating use of a DVD that does not have a container on a DVD player that is provided with rights management secure node in accordance with the present invention as compared with use of the same DVD with a DVD player that does not have a secure node;

[0160] FIGS. 12-14 show example network configurations; and

[0161] FIGS. 15A-15C show an example virtual rights process.

DETAILED DESCRIPTION OF PRESENTLY PREFERRED EXAMPLE EMBODIMENTS

Overall Example Digital Video Disk Usage System

[0162]FIG. 1A shows example inexpensive mass-produced home consumerelectronics equipment 50 for using information stored on a storagemedium 100 such as a portable digitally-encoded optical disk (e.g., adigital video disk or “DVD”). Consumer equipment 50 includes a dedicateddisk player 52, that in some embodiments, may also have the capabilityto write optical media (writeable DVD disks, or “DVD-RAM”) for example)as well, connected to a home color television set 54. A remote controlunit 56 may be used to control the disk player 52 and/or television set54.

[0163] In one example, disk 100 may store a feature length motion picture or other video content. Someone wishing to watch the content stored on disk 100 may purchase or rent the disk, insert the disk into player 52 and use remote control 56 (and/or controls 58 that may be provided on player 52) to control the player to play back the content via home television set 54.

[0164] In some embodiments, remote control 56 (and/or controls 58 that may be provided on device 52) may be used to control the recording of a movie, for example. Player 52 reads the digitized video and audio information carried by disk 100, converts it into signals compatible with home color television set 54, and provides those signals to the home color television set.

[0165] In some embodiments, television set 54 (and/or a set top box) provides the video signals to be recorded by device 52 on writable optical media, DVD-RAM in one non-limiting example. Television set 54 produces images on screen 54a and produces sounds through loudspeakers 54b based on the signals player 52 provides to the television set.

[0166] The same disk 100 may be used by a more advanced platform 60 shown in FIG. 1B. Platform 60 may include, for example, a personal computer 62 connected to a display monitor 64, a keyboard 66, a mouse pointing device 68, and a loudspeaker 70. In this example, platform 60 may be able to play back the content stored on disk 100 in the same way as dedicated disk player 52, but may also be capable of more sophisticated and/or advanced uses of the content as enabled by the presence of secure node 72 within the platform. (In some embodiments, platform 60 may also be able to record content on writable optical media, DVD-RAM, in one non-limiting example.) For example, it may be possible, using platform 60 and its secure node 72, to interactively present the motion picture or other content such that the user may input choices via keyboard 66 and/or mouse pointing device 68 that, in real time, change the presentation provided via display 64 and loudspeaker 60.

[0167] As one example, the platform 60 user selects from options displayed on display 64 that cause the content presentation sequence to change (e.g., to provide one of a number of different endings, to allow the user to interactively control the flow of the images presented, etc.). Computer 62 may also be capable of using and manipulating digital data including for example computer programs and/or other information stored on disk 100 that player 52 cannot handle.

[0168] Secure node 72 provides a secure rights management facility that may, for example, permit more invasive or extensive use of the content stored on disk. For example, dedicated player 52 may prevent any copying of content stored by disk 100, or it may allow the content to be copied only once and never again. Platform 60 including secure node 72, on the other hand, may allow multiple copies of some or all of the same content, but only if certain conditions are met (e.g., the user of equipment 60 falls within a certain class of people, compensation at an agreed on rate is securely provided for each copy made, only certain excerpts of the content are copied, a secure audit trail is maintained and reported for each copy so made, etc.). (In some embodiments, dedicated player 52 may send protected content only to devices authenticated as able to enforce securely rights management rules and usage consequences. In some embodiments, devices may authenticate using digital certificates, one non-limiting example being certificates conforming to the X.509 standard.) Hence, platform 60 including secure node 72 can, in this example, use the content provided by disk 100 in a variety of flexible, secure ways that are not possible using dedicated player 52—or any other appliance that does not include a secure node.

Example Secure Disk Creation and Distribution Process

[0169] FIG. 1C shows an example secure process for creating a master multimedia DVD disk 100 for use with players 50, 60. In this example, a digital camera 350 converts light images (i.e., pictures) into digital information 351 representing one or a sequence of images. Digital camera 350 in this example includes a secure node 72A that protects the digital information 351 before it leaves camera 350. Such protection can be accomplished, for example, by packaging the digital information within one or more containers and/or associating controls with the digital information.

[0170] In this example, digital camera 350 provides the protected digital image information 351 to a storage device such as, for example, a digital tape recorder 352. Tape recorder 352 stores the digital image information 351 (along with any associated controls) onto a storage medium such as magnetic tape cartridge 354 for example. Tape recorder 352 may also include a secure node 72B. Secure node 72B in this example can understand and enforce the controls that the digital camera secure node 72A applies to and/or associates with the digital information 351, and/or it may apply its own controls to the stored information.

[0171] The same or different tape recorder 352 may play back protected digital information 351 to a digital mixing board 356. Digital mixing board 356 may mix, edit, enhance or otherwise process the digital information 351 to generate processed digital information 358 representing one or a sequence of images. Digital mixing board 356 may receive additional inputs from other devices such as for example other tape recorders, other digital cameras, character generators, graphics generators, animators, or any other image-based devices. Any or all of such devices may also include secure nodes 72 to protect the information they generate. In some embodiments, some of the digital information can be derived from equipment including a secure node, and other digital information can be derived from equipment that has no secure node. In still other embodiments, some of the digital information provided to digital mixer 356 is protected and some is not protected.

[0172] Digital mixing board 356 may also include a secure node 72C in this example. The digital mixing board secure node 72C may enforce controls applied by digital camera secure node 72A and/or tape recorder secure node 72B, and/or it may add its own protections to the digital information 358 it generates.

[0173] In this example, an audio microphone 361 receives sound and converts the sound into analog audio signals. The audio signals in this example are inputted to a digital audio tape recorder 362. In the example shown, tape recorder 362 and audio mixer 364 are digital devices. However, in other embodiments, one, the other or both of these devices may operate in the analog domain. In the example shown, digital audio tape recorder 362 converts the analog audio signals into digital information representing the sounds, and stores the digital information (and any associated controls) onto a tape 362.

[0174] In this example, audio tape recorder 362 includes a secure node 72E that may associate controls with the information stored on tape 363. Such controls may be stored with the information on the tape 363. In another embodiment, microphone 361 may include its own internal secure node 72 that associates control information with the audio information (e.g., by steganographically encoding the audio information with control information). The tape recorder 362 may enforce such controls applied by microphone 361.

[0175] Alternatively, microphone 361 may operate in the digital domain and provide digital representations of audio, perhaps including control information supplied by secure node 72 optionally incorporated in microphone 361, directly to connected devices such as audio tape recorder 362. Digital representations may optionally be substituted for analog representations of any signals between the devices in the example FIG. 1C.

[0176] The same or different tape recorder 362 may play back the information recorded on tape 363, and provide the information 366 to an audio mixer 364. Audio mixer 364 may edit, mix, or otherwise process the information 366 to produce information 368 representing one or a sequence of sounds. Audio mixer 364 may also receive inputs from other devices such as for example other tape recorders, other microphones, sound generators, musical synthesizers, or any other audio-based devices. Any or all of such devices may also include secure nodes 72 to protect the information they generate. In some embodiments, some of the digital information is derived from equipment including a secure node, and other digital information is derived from equipment that has no secure node. In still other embodiments, some of the digital information provided to audio mixer 364 is protected and some is not protected.

[0177] Audio mixer 364 in this example includes a secure node 72F that enforces the controls, if any, applied by audio tape recorder secure node 72E; and/or applies its own controls.

[0178] Digital image mixer 356 may provide digital information 358 to “DVD-RAM” equipment 360 that is capable of writing to master disks 100 and/or to disks from which master disks may be created. Similarly, audio mixer 364 may provide digital information 368 to equipment 360. Equipment 360 records the image information 358 and audio information 368 onto master disk 100. In this example, equipment 360 may include a secure node 72D that enforces controls applied by digital camera secure node 72A, tape recorder secure node 72B, digital mixer secure node 72C, audio tape recorder secure node 72E and/or audio mixer secure node 72F; and/or it may add its own protections to the digital information 358 it writes onto master disks 100. A disk manufacturer can then mass-produce disks 100(1)-100(N) based on the master disk 100 using conventional disk mass-production equipment for distribution through any channels (e.g., video and music stores, websites, movie theaters, etc.). Consumer appliances 50 shown in FIGS. 1A and 1B may play back the disks 100—enforcing the controls applied to the information stored on the disks 100. Secure nodes 72 thus maintain end-to-end, persistent secure control over the images generated by digital camera 350 and the sounds generated by microphone 361 during the entire process of making, distributing and using disks 100.

[0179] In the FIG. 1C example shown, the various devices may communicate with one another over so-called “IEEE 1394” high-speed digital serial busses. In this context, “IEEE 1394” refers to hardware and software standards set forth in the following standards specification incorporated by reference herein: 1394-1995 IEEE Standard for a High Performance Serial Bus, No. 1-55937-583-3 (Institute of Electrical and Electronics Engineers 1995). This specification describes a high-speed memory mapped digital serial bus that is self-configuring, hot pluggable, low cost and scalable. The bus supports isochronous and asynchronous transport at 100, 200 or 400 Mbps, and flexibly supports a number of different topologies. The specification describes a physical level including two power conductors and two twisted pairs for signalling. The specification further describes physical, link and transaction layer protocols including serial bus management. Alternatively, any other suitable electronic communication means may be substituted for the “IEEE 1394” medium shown in FIG. 1C, including other wired media (e.g., Ethernet, universal serial bus), and/or wireless media based on radio-frequency (RF) transmission, infra-red signals, and/or any other means and/or types of electronic communication.

Example Dedicated Player Architecture

[0180] FIG. 2A shows an example architecture for dedicated player 52. In this example, player 52 includes a video disk drive 80, a controller 82 (e.g., including a microprocessor 84, a memory device such as a read only memory 86, and a user interface 88), and a video/audio processing block 90. Video disk drive 80 optically and physically cooperates with disk 100, and reads digital information from the disk. Controller 82 controls disk drive 80 based on program instructions executed by microprocessor 84 and stored in memory 86 (and further based on user inputs provided by user interface 88 which may be coupled to controls 58 and/or remote control unit 56). Video/audio processing block 90 converts digital video and audio information read by disk drive 80 into signals compatible with home color television set 54 using standard techniques such as video and audio decompression and the like. Video/audio processing block 90 may also insert a visual marking indicating the ownership and/or protection of the video program. Block 90 may also introduce a digital marking indicating to a standard recording device that the content should not be recorded.

Example Secure Node Architecture

[0181] FIG. 2B shows an example architecture for platform 60 shown in FIG. 1B—which in this example is built around a personal computer 62 but could comprise any number of different types of appliances. In this example, personal computer 62 may be connected to an electronic network 150 such as the Internet via a communications block 152. Computer equipment 62 may include a video disk drive 80′ (which may be similar or identical to the disk drive 80 included within example player 52). Computer equipment 62 may further include a microprocessor 154, a memory 156 (including for example random access memory and read only memory), a magnetic disk drive 158, and a video/audio processing block 160. Additionally, computer equipment 62 may include a tamper-resistant secure processing unit 164 or other protected processing environment. Secure node 72 shown in FIG. 1B may thus be provided by a secure processing unit 164, software executing on microprocessor 154, or a combination of the two. Different embodiments may provide secure node 72 using software-only, hardware-only, or hybrid arrangements.

[0182] Secure node 72 in this example may provide and support a general purpose Rights Operating System employing reusable kernel and rights language components. Such a commerce-enabling Rights Operating System provides capabilities and integration for advanced commerce operating systems of the future. In the evolving electronic domain, general purpose, reusable electronic commerce capabilities that all participants can rely on will become as important as any other capability of operating systems. Moreover, a rights operating system that provides, among other things, rights and auditing operating system functions can securely handle a broad range of tasks that relate to a virtual distribution environment. A secure processing unit can, for example, provide or support many of the security functions of the rights and auditing operating system functions. The other operating system functions can, for example, handle general appliance functions. The overall operating system may, for example, be designed from the beginning to include the rights and auditing operating system functions plus the other operating system functions, or the rights and auditing operating system functions may, in another example, be an add-on to a preexisting operating system providing the other operating system functions. Any or all of these features may be used in combination with the invention disclosed herein.

Example Disk Data Structures and Associated Protections

[0183] FIG. 3 shows some example data structures stored on disk 100. In this example, disk 100 may store one or more properties or other content 200 in protected or unprotected form. Generally, in this example, a property 200 is protected if it is at least in part encrypted and/or associated information needed to use the property is at least in part encrypted and/or otherwise unusable without certain conditions having been met. For example, property 200(1) may be completely or partially encrypted using conventional secure cryptographic techniques. Another property 200(2) may be completely unprotected so that it can be used freely without any restriction. Thus, in accordance with this example, disk 100 could store both a movie as a protected property 200(1) and an unprotected interview with the actors and producers or a “trailer” as unprotected property 200(2). As shown in this example, disk 100 may store any number of different properties 200 in protected or unprotected form as limited only by the storage capacity of the disk.

[0184] In one example, the protection mechanisms provided by disk 100 may use any or all of the protection (and/or other) structures and/or techniques described in the above-referenced Shear patents. The Shear patents describe, by way of non-exhaustive example, means for solving the problem of how to protect digital content from unauthorized use. For example, the Shear patent specifications describe, among other things, means for electronically “overseeing”—through distributed control nodes present in client computers—the use of digital content. This includes means and methods for fulfilling the consequences of any such use.

[0185] Non-limiting examples of certain elements described in the Shear patent specifications include:

[0186] (a) decryption of encrypted information,

[0187] (b) metering,

[0188] (c) usage control in response to a combination of derived metering information and rules set by content providers,

[0189] (d) securely reporting content usage information,

[0190] (e) use of database technology for protected information storage and delivery,

[0191] (f) local secure maintenance of budgets, including, for example, credit budgets,

[0192] (g) local, secure storage of encryption key and content usage information,

[0193] (h) local secure execution of control processes, and

[0194] (i) in many non-limiting instances, the use of optical media.

[0195] Any or all of these features may be used in combination in or with the inventions disclosed herein.

[0196] Certain of the issued Shear patents' specifications also involve database content being local and remote to users. Database information that is stored locally at the end-user's system and complemented by remote, “on-line” database information, can, for example, be used to augment the local information, which in one example, may be stored on optical media (for example, DVD and/or CD-ROM). Special purpose semiconductor hardware can, for example, be used to provide a secure execution environment to ensure a safe and reliable setting for digital commerce activities.

[0197] The Shear patents also describe, among other things, database usage control enabled through the use of security, metering, and usage administration capabilities. The specifications describe, inter alia, a metering and control system in which a database, at least partially encrypted, is delivered to a user (e.g., on optical media). Non-limiting examples of such optical media may, for example, include DVD and CD-ROM. Subsequent usage can, for example, be metered and controlled in any of a variety of ways, and resulting usage information can be transmitted to a responsible party (as one example).

[0198] The Shear patent specifications also describe the generation of a bill in response to the transmitted information. Other embodiments of the Shear patents provide, for example, unique information security inventions which involve, for example, digital content usage being limited based on patterns of usage such as the quantity of particular kinds of usage. These capabilities include monitoring the “contiguousness,” and/or “logical relatedness” of used information to ensure that the electronic “conduct” of an individual does not exceed his or her licensed rights. Still other aspects of the Shear patents describe, among other things, capabilities for enabling organizations to securely and locally manage electronic information usage rights. When a database or a portion of a database is delivered to a client site, some embodiments of the Shear patents provide, for example, optical storage means (non-exhaustive examples of which include DVD and CD-ROM) as the mechanism of delivery. Such storage means can store, for example, a collection of video, audio, images, software programs, games, etc., in one example, on optical media, such as DVD and/or CD-ROM, in addition to other content such as a collection of textual documents, bibliographic records, parts catalogs, and copyrighted or uncopyrighted materials of all kinds. Any or all of these features may be used in the embodiments herein.

[0199] One specific non-limiting embodiment could, for example, involve a provider who prepares a collection of games. The provider prepares a database “index” that stores information pertaining to the games, such as for example, the name, a description, a creator identifier, the billing rates, and the maximum number of times or total elapsed time each game may be used prior to a registration or re-registration requirement. Some or all of this information could be stored in encrypted form, in one example, on optical media, non-limiting examples of which include DVD and CD-ROM. The provider may then encrypt some or all portions of the games such that a game could not be used unless one or more encrypted portions were decrypted. Typically, decryption would not occur unless provider specified conditions were satisfied, in one example, unless credit was available to compensate for use and audit information reflecting game usage was being stored. The provider could determine, for example: which user activities he or she would allow, whether to meter such activities for audit and/or control purposes, and what, if any, limits would be set for allowed activities. This might include, for example, the number of times that a game is played, and the duration of each play. Billing rates might be discounted, for example, based on total time of game usage, total number of games currently registered for use, or whether the customer was also registered for other services available from the same provider, etc.

[0200] In the non-limiting example discussed above, a provider might, for example, assemble all of the prepared games along with other, related information, and publish the collection on optical media, non-limiting examples of which include CD-ROM and/or DVD. The provider might then distribute this DVD disk to prospective customers. The customers could then select the games they wish to play, and contact the provider. The provider, based on its business model, could then send enabling information to each authorized customer, such as for example, including, or enabling for use, decryption keys for the encrypted portion of the selected games (alternatively, authorization to use the games may have arrived with the DVD and/or CD-ROM disk, or might be automatically determined, based on provider set criteria, by the user's secure client system, for example, based on a user's participation in a certified user class). Using the user's client decryption and metering mechanism the customer could then make use of the games. The mechanism might then record usage information, such as for example, the number of times the game was used, and, for example, the duration of each play. It could periodically transmit this information to the game provider, thus substantially reducing the administration overhead requirements of the provider's central servers. The game provider could receive compensation for use of the games based upon the received audit information. This information could be used to either bill their customers or, alternatively, receive compensation from a provider of credit.

[0201] Although games provide one convenient, non-limiting example, many of these same ideas can be easily applied to all kinds of content, all kinds of properties, including, by way of nonlimiting examples:

[0202] video,

[0203] digitized movies,

[0204] audio,

[0205] images,

[0206] multimedia,

[0207] software,

[0208] games,

[0209] any other kind of property

[0210] any combination of properties.

[0211] Other non-limiting embodiments of the Shear patent specifications support, for example, securely controlling different kinds of user activities, such as displaying, printing, saving electronically, communicating, etc. Certain aspects further apply different control criteria to these different usage activities. For example, information that is being browsed may be distinguished from information that is read into a host computer for the purpose of copying, modifying, or telecommunicating, with different cost rates being applied to the different activities (so that, for example, the cost of browsing can be much less than the cost of copying or printing).

[0212] The Shear patent specifications also, for example, describe management of information inside of organizations by both publishers and the customer. For example, an optional security system can be used to allow an organization to prevent usage of all or a portion of an information base unless the user enters his security code. Multiple levels of security codes can be supported to allow restriction of an individual's use according to his security authorization level. One embodiment can, for example, use hardware in combination with software to improve tamper resistance, and another embodiment could employ an entirely software based system. Although a dedicated hardware/software system may under certain circumstances provide assurance against tampering, techniques which may be implemented in software executing on a non-dedicated system may provide sufficient tamper resistance for some applications. Any or all of these features may be used in combination with the technology disclosed in this patent specification.

FIG. 3 Disks may also Store Metadata, Controls and Other Information

[0213] In this example, disk 100 may also store “metadata” in protected and/or unprotected form. Player 52 uses metadata 202 to assist in using one or more of the properties 200 stored by disk 100. For example, disk 100 may store one metadata block 202(1) in unprotected form and another metadata block 202(2) in protected form. Any number of metadata blocks 202 in protected and/or unprotected form may be stored by disk 100 as limited only by the disk's storage capacity. In this example, metadata 202 comprises information used to access properties 200. Such metadata 202 may comprise, for example, frame sequence or other “navigational” information that controls the playback sequence of one or more of the properties 200 stored on disk 100. As one example, an unprotected metadata block 202 may access only selected portions of a protected property 200 to generate an abbreviated “trailer” presentation, while protected metadata block 202 may contain the frame playback sequence for the entire video presentation of the property 200. As another example, different metadata blocks 202 may be provided for different “cuts” of the same motion picture property 200 (e.g., an R-rated version, a PG-rated version, a director's cut version, etc.).

[0214] In this example, disk 100 may store additional information for security purposes. For example, disk 100 may store control rules in the form of a control set 204—which may be packaged in the form of one or more secure containers 206. Commerce model participants can securely contribute electronic rules and controls that represent their respective “electronic” interests. These rules and controls extend a “Virtual Presence™” through which the commerce participants may govern remote value chain activities according to their respective, mutually agreed to rights. This Virtual Presence may take the form of participant specified electronic conditions (e.g., rules and controls) that must be satisfied before an electronic event may occur. These rules and controls can be used to enforce the party's rights during “downstream” electronic commerce activities. Control information delivered by, and/or otherwise available for use with, VDE content containers may, for example, constitute one or more “proposed” electronic agreements which manage the use and/or consequences of the use of such content and which can enact the terms and conditions of agreements involving multiple parties and their various rights and obligations.

[0215] The rules and controls from multiple parties can be used, in one example, to form aggregate control sets (“Cooperative Virtual Presence™”) that ensure that electronic commerce activities will be consistent with the agreements amongst value chain participants. These control sets may, for example, define the conditions which govern interaction with protected digital content (disseminated digital content, appliance control information, etc.). These conditions can, for example, be used to control not only digital information use itself, but also the consequences of such use. Consequently, the individual interests of commerce participants are protected and cooperative, efficient, and flexible electronic commerce business models can be formed. These models can be used in combination with the present invention.

Disks May Store Encrypted Information

[0216] Disk 100 may also store an encrypted key block 208. In this example, disk 100 may further store one or more hidden keys 210. In this example, encrypted key block 208 provides one or more cryptographic keys for use in decrypting one or more properties 200 and/or one or more metadata blocks 202. Key block 208 may provide different cryptographic keys for decrypting different properties 200 and/or metadata blocks 202, or different portions of the same property and/or metadata block. Thus, key block 208 may comprise a large number of cryptographic keys, all of which are or may be required if all of the content stored by disk 100 is to be used. Although key block 208 is shown in FIG. 3 as being separate from container 206, it may be included within or as part of the container if desired.

[0217] Cryptographic key block 208 is itself encrypted using one or more additional cryptographic keys. In order for player 52 to use any of the protected information stored on disk 100, it must first decrypt corresponding keys within the encrypted key block 208—and then use the decrypted keys from the key block to decrypt the corresponding content.

[0218] In this example, the keys required to decrypt encrypted key block 208 may come from several different (possibly alternative) sources. In the example shown in FIG. 3, disk 100 stores one or more decryption keys for decrypting key block 208 on the medium itself in the form of a hidden key(s) 210. Hidden key(s) 210 may be stored, for example, in a location on disk 100 not normally accessible. This “not normally accessible” location could, for example, be physically enabled for drives 80 installed in players 52 and disabled for drives 80′ installed in personal computers 62. Enablement could be provided by different firmware, a jumper on drive 80, etc. Hidden key(s) 210 could be arranged on disk 100 so that any attempt to physically copy the disk would result in a failure to copy the hidden key(s). In one example a hidden key(s) could be hidden in the bit stream coding sequences for one or more blocks as described by J. Hogan (Josh Hogan, “DVD Copy Protection,” presentation to DVD copy protect technical meeting #4, May 30, 1996, Burbank, Calif.).

[0219] Alternatively, and/or in addition, keys required to decrypt encrypted key block 208 could be provided by disk drive 80. In this example, disk drive 80 might include a small decryption component such as, for example, an integrated circuit decryption engine including a small secure internal key store memory 212 having keys stored therein. Disk drive 80 could use this key store 212 in order to decrypt encrypted key block 208 without exposing either keys 212 or decrypted key block 208—and then use the decrypted key from key block 208 to decrypt protected content 200, 202.
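The two-level key arrangement of paragraphs [0216]-[0219], as an added sketch that is not part of the patent text: content keys sit in an encrypted key block, and the key that opens the block comes either from the disk's hidden area or from the drive's key store. The `seal`/`unseal` helpers, the dictionary layout and the `Drive` class are assumptions made for illustration, and the HMAC-SHA256 construction is a standard-library stand-in for a vetted authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import json
import os

# Stand-in authenticated cipher (assumption): HMAC-SHA256 keystream plus
# encrypt-then-MAC, used only so the sketch runs without third-party packages.
def _stream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(body, _stream(enc_key, nonce, len(body))))

def master_disk(contents, key_block_key, protected):
    """Build a disk image: one fresh content key per protected item, all content
    keys collected in key block 208, the block sealed under key_block_key."""
    content_keys = {name: os.urandom(32) for name in protected}
    stored = {name: seal(content_keys[name], data) if name in content_keys else data
              for name, data in contents.items()}
    key_block = json.dumps({n: k.hex() for n, k in content_keys.items()}).encode()
    return {
        "content": stored,
        "protected": sorted(protected),
        "key_block_208": seal(key_block_key, key_block),
        "hidden_key_210": key_block_key,  # lives in the "not normally accessible" area
    }

class Drive:
    """reads_hidden_area models the firmware/jumper enablement of [0218];
    key_store models the drive-internal key store 212 of [0219]."""
    def __init__(self, reads_hidden_area, key_store=()):
        self.reads_hidden_area = reads_hidden_area
        self._key_store = tuple(key_store)

    def _open_key_block(self, disk):
        candidates = list(self._key_store)
        if self.reads_hidden_area and disk.get("hidden_key_210"):
            candidates.append(disk["hidden_key_210"])
        for key in candidates:
            plain = unseal(key, disk["key_block_208"])
            if plain is not None:
                return {n: bytes.fromhex(k) for n, k in json.loads(plain).items()}
        return None

    def read(self, disk, name):
        blob = disk["content"][name]
        if name not in disk["protected"]:
            return blob  # unprotected property: usable without any key
        keys = self._open_key_block(disk)
        if keys is None or name not in keys:
            return None  # no usable key source: content stays sealed
        return unseal(keys[name], blob)

if __name__ == "__main__":
    # Constructed sample data, not taken from any real disk.
    disk = master_disk({"property_200_1": b"feature film", "property_200_2": b"trailer"},
                       os.urandom(32), protected={"property_200_1"})
    print(Drive(True).read(disk, "property_200_1"), Drive(False).read(disk, "property_200_1"))
```

Because the key block is authenticated as well as encrypted, a modified block is rejected outright rather than yielding garbage content keys.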

Disks May Store and/or Use Secure Containers

[0220] In yet another example, the key(s) required to decrypt protected content 200, 202 is provided within secure container 206. FIG. 3A shows a possible example of a secure container 206 including information content 304 (properties 200 and metadata 202 may be external to the container—or alternatively, most or all of the data structures stored by video disk 100 may be included as part of a logical and/or actual protected container). The control set 204 shown in FIG. 3 may comprise one or more permissions record 306, one or more budgets 308 and/or one or more methods 310 as shown in FIG. 3A. FIG. 3B shows an example control set 204 providing one or more encryption keys 208, one or more content identifiers 220, and one or more controls 222. In this example, different controls 222 may apply to different equipment and/or classes of equipment such as player 52 and/or computer equipment 62 depending upon the capabilities of the particular platform and/or class of platform. Additionally, controls 220 may apply to different ones of properties 200 and/or different ones of metadata blocks 202. For example, a control 222(1) may allow property 200(1) to be copied only once for archival purposes by either player 52 or computer equipment 62. A control 222(2) (which may be completely ignored by player 52 because it has insufficient technical and/or security capabilities but which may be useable by computer equipment 62 with its secure node 72) may allow the user to request and permit a public performance of the same property 200(1) (e.g., for showing in a bar or other public place) and cause the user's credit or other account to be automatically debited by a certain amount of compensation for each showing. A third control 222(3) may, for example, allow secure node 72 (but not player 52) to permit certain classes of users (e.g., certified television advertisers and journalists) to extract or excerpt certain parts of protected property 200(1) for promotional uses. A further control 222(4) may, as another example, allow both video player 52 and secure node 72 to view certain still frames within property 200(1), but might allow only secure node 72 to make copies of the still frames based on a certain compensation level.

Example Disks and/or System May Make Use of Trusted Infrastructure

[0221] Controls 222 may contain pointers to sources of additional control sets for one or more properties, controls, metadata, and/or other content on the optical disk. In one example, these additional controls may be obtained from a trusted third party, such as a rights and permissions clearinghouse and/or from any other value chain participant authorized by at least one rightsholder to provide at least one additional control set. This kind of rights and permissions clearinghouse is one of several distributed electronic administrative and support services that may be referred to as the “Distributed Commerce Utility,” which, among other things, is an integrated, modular array of administrative and support services for electronic commerce and electronic rights and transaction management. These administrative and support services can be used to supply a secure foundation for conducting financial management, rights management, certificate authority, rules clearing, usage clearing, secure directory services, and other transaction related capabilities functioning over a vast electronic network such as the Internet and/or over organization internal Intranets, or even in-home networks of electronic appliances. Nonlimiting examples of these electronic appliances include at least occasionally connected optical media appliances, examples of which include read-only and/or writable DVD players and DVD drives in computers and convergent devices, including, for example, digital televisions and settop boxes incorporating DVD drives.

[0222] These administrative and support services can, for example, be adapted to the specific needs of electronic commerce value chains in any number of vertical markets, including a wide variety of entertainment applications. Electronic commerce participants can, for example, use these administrative and support services to support their interests, and/or they can shape and reuse these services in response to competitive business realities. Non-exhaustive examples of electronic commerce participants include individual creators, film and music studios, distributors, program aggregators, broadcasters, and cable and satellite operators.

[0223] The Distributed Commerce Utility can, for example, make optimally efficient use of commerce administration resources, and can, in at least some embodiments, scale in a practical fashion to optimally accommodate the demands of electronic commerce growth.

[0224] The Distributed Commerce Utility may, for example, comprise a number of Commerce Utility Systems. These Commerce Utility Systems can provide a web of infrastructure support available to, and reusable by, the entire electronic community and/or many or all of its participants. Different support functions can, for example, be collected together in hierarchical and/or in networked relationships to suit various business models and/or other objectives. Modular support functions can, for example, be combined in different arrays to form different Commerce Utility Systems for different design implementations and purposes. These Commerce Utility Systems can, for example, be distributed across a large number of electronic appliances with varying degrees of distribution.

[0225] The “Distributed Commerce Utility” provides numerous additional capabilities and benefits that can be used in conjunction with the particular embodiments shown in the drawings of this application, non-exhaustive examples of which include:

[0226] Enables practical and efficient electronic commerce and rights management.

[0227] Provides services that securely administer and support electronic interactions and consequences.

[0228] Provides infrastructure for electronic commerce and other forms of human electronic interaction and relationships.

[0229] Optimally applies the efficiencies of modern distributed computing and networking.

[0230] Provides electronic automation and distributed processing.

[0231] Supports electronic commerce and communications infrastructure that is modular, programmable, distributed and optimally computerized.

[0232] Provides a comprehensive array of capabilities that can be combined to support services that perform various administrative and support roles.

[0233] Maximizes benefits from electronic automation and distributed processing to produce optimal allocation and use of resources across a system or network.

[0234] Is efficient, flexible, cost effective, configurable, reusable, modifiable, and generalizable.

[0235] Can economically reflect users' business and privacy requirements.

[0236] Can optimally distribute processes—allowing commerce models to be flexible, scaled to demand and to match user requirements.

[0237] Can efficiently handle a full range of activities and service volumes.

[0238] Can be fashioned and operated for each business model, as a mixture of distributed and centralized processes.

[0239] Provides a blend of local, centralized and networked capabilities that can be uniquely shaped and reshaped to meet changing conditions.

[0240] Supports general purpose resources and is reusable for many different models; in place infrastructure can be reused by different value chains having different requirements.

[0241] Can support any number of commerce and communications models.

[0242] Efficiently applies local, centralized and networked resources to match each value chain's requirements.

[0243] Sharing of common resources spreads out costs and maximizes efficiency.

[0244] Supports mixed, distributed, peer-to-peer and centralized networked capabilities.

[0245] Can operate locally, remotely and/or centrally.

[0246] Can operate synchronously, asynchronously, or support both modes of operation.

[0247] Adapts easily and flexibly to the rapidly changing sea of commercial opportunities, relationships and constraints of “Cyberspace.”

[0248] Any or all of these features may be used in combination with the inventions disclosed herein.

[0249] The Distributed Commerce Utility provides, among other advantages, comprehensive, integrated administrative and support services for secure electronic commerce and other forms of electronic interaction. These electronic interactions supported by the Distributed Commerce Utility may, in at least some embodiments, entail the broadest range of appliances and distribution media, non-limiting examples of which include networks and other communications channels, consumer appliances, computers, convergent devices such as WebTV, and optical media such as CD-ROM and DVD in all their current and future forms.

Example Access Techniques

[0250] FIGS. 3, 4A and 4B show example access techniques provided by player 52. In this example, upon disk 100 being loaded into player disk drive 80 (FIG. 4A, block 400), the player controller 82 may direct drive 80 to fetch hidden keys 210 from disk 100 and use them to decrypt some or all of the encrypted key block 208 (FIG. 4A, block 402). In this example, drive 80 may store the keys so decrypted without exposing them to player controller 82 (e.g., by storing them within key store 212 within a secure decryption component such as an integrated circuit based decryption engine) (FIG. 4A, block 404). The player 52 may control drive 80 to read the control set 204 (which may or may not be encrypted) from disk 100 (FIG. 4A, block 406). The player microprocessor 82 may parse control set 204, ignore or discard those controls 222 that are beyond its capability, and maintain permissions and/or rights management information corresponding to the subset of controls that it can enforce (e.g., the “copy once” control 222(1)).

[0251] Player 52 may then wait for the user to provide a request via control inputs 58 and/or remote control unit 56. If the control input is a copy request (“yes” exit to FIG. 4A, decision block 408), then player microprocessor 84 may query control 222(1) to determine whether copying is allowed, and if so, under what conditions (FIG. 4A, decision block 410). Player 52 may refuse to copy the disk 100 if the corresponding control 222(1) forbids copying (“no” exit to FIG. 4A, decision block 410), and may allow copying (e.g., by controlling drive 80 to sequentially access all of the information on disk 100 and provide it to an output port not shown) if corresponding control 222(1) permits copying (“yes” exit to FIG. 4A, decision block 410; block 412). In this example, player 52 may, upon making a copy, store an identifier associated with disk 100 within an internal, non-volatile memory (e.g., controller memory 86) or elsewhere if control 222(1) so requires. This stored disk identifier can be used by player 52 to enforce a “copy once” restriction (i.e., if the user tries to use the same player to copy the same disk more than once or otherwise as forbidden by control 222(1), the player can deny the request).

[0252] If the user requests one of properties 200 to be played or read (“yes” exit to FIG. 4A, decision block 414), player controller 82 may control drive 80 to read the corresponding information from the selected property 200 (e.g., in a sequence as specified by metadata 202) and decrypt the read information as needed using the keys initially obtained from key block 208 and now stored within drive key storage 212 (FIG. 4A, block 416).
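The control-set handling of FIG. 4A (discarding controls beyond the platform's capability, then enforcing "copy once" from a stored disk identifier) can be modelled as below. This is an added illustration, not code from the patent: the capability labels, class names, the default-deny choice and the sample control set are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Capability labels are hypothetical; the text only distinguishes platforms
# by their "technical and/or security capabilities".
PLAYER_CAPS = frozenset({"basic_copy_control"})
SECURE_NODE_CAPS = PLAYER_CAPS | {"metering", "user_certificates"}


@dataclass(frozen=True)
class Control:
    control_id: str                   # reference numeral used in the text
    action: str                       # what the control governs
    requires: frozenset               # capabilities needed to enforce it
    max_copies: Optional[int] = None  # copy limit, if the control states one


# Constructed control set modelled on controls 222(1) to 222(3) in the text.
SAMPLE_CONTROL_SET = [
    Control("222(1)", "copy", frozenset({"basic_copy_control"}), max_copies=1),
    Control("222(2)", "public_performance", frozenset({"metering"})),
    Control("222(3)", "excerpt", frozenset({"user_certificates"})),
]


def enforceable(controls, caps):
    """Return the controls whose requirements the platform fully meets."""
    return [c for c in controls if c.requires <= caps]


@dataclass
class Player:
    caps: frozenset
    # Stand-in for non-volatile controller memory: disk id -> copies made.
    copy_log: dict = field(default_factory=dict)
    # Volatile view of the current disk's controls, rebuilt on every load.
    active: dict = field(default_factory=dict)

    def load_disk(self, controls):
        """Parse the control set and keep only what this platform can enforce."""
        self.active = {c.action: c for c in enforceable(controls, self.caps)}
        return sorted(self.active)

    def request(self, action, disk_id):
        """Decide a user request; returns (allowed, reason)."""
        control = self.active.get(action)
        if control is None:
            # Default deny (assumption): a discarded control grants nothing.
            return False, "no enforceable control covers this action"
        if action == "copy" and control.max_copies is not None:
            made = self.copy_log.get(disk_id, 0)
            if made >= control.max_copies:
                return False, "copy limit reached for this disk"
            # Record the disk identifier before reporting success.
            self.copy_log[disk_id] = made + 1
        return True, "permitted by control " + control.control_id
```

Keeping `copy_log` separate from the per-disk `active` view is what makes the limit survive the disk being removed and loaded again.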

[0253] FIG. 4B is a variation on the FIG. 4A process to accommodate a situation in which player 52 itself provides decryption keys for decrypting encrypted key block 208. In this example, controller 82 may supply one or more decryption keys to drive 80 using a secure protocol such as a Diffie-Hellman key agreement, or through use of a shared key known to both the drive and some other system or component to which the player 52 is or once was coupled (FIG. 4B, block 403). The drive 80 may use these supplied keys to decrypt encrypted key block 208 as shown in FIG. 4A, block 404, or it may use the supplied keys to directly decrypt content such as protected property 200 and/or protected metadata 202(2).

[0254] As a further example, the player 52 can be programmed to place a copy it makes of a digital property such as a film in encrypted form inside a tamper-resistant software container. The software container may carry with it a code indicating that the digital property is a copy rather than an original. The sending player 52 may also put its own unique identifier (or the unique identifier of an intended receiving device such as another player 52, a video cassette player or equipment 50) in the same secure container to enforce a requirement that the copy can be played only on the intended receiving device. Player 52 (or other receiving device) can be programmed to make no copies (or no additional copies) upon detecting that the digital property is a copy rather than an original. If desired, a player 52 can be programmed to refuse to play a digital property that is not packaged with the player's unique ID.

Example Use of Analog Encoding Techniques

[0255] In another example, more comprehensive rights management information may be encoded by player 52 in the analog output using methods for watermarking and/or fingerprinting. Today, a substantial portion of the “real world” is analog rather than digital. Despite the pervasiveness of analog signals, existing methods for managing rights and protecting copyright in the analog realm are primitive or non-existent. For example:

[0256] Quality degradation inherent in multigenerational analog copying has not prevented a multi-billion dollar pirating industry from flourishing.

[0257] Some methods for video tape copy and pay per view protection attempt to prevent any copying at all of commercially released content, or allow only one generation of copying. These methods can generally be easily circumvented.

[0258] Not all existing devices respond appropriately to copy protection signals.

[0259] Existing schemes are limited for example to “copy/no copy” controls.

[0260] Copy protection for sound recordings has not been commercially implemented.

[0261] A related problem relates to the conversion of information between the analog and digital domains. Even if information is effectively protected and controlled initially using strong digital rights management techniques, an analog copy of the same information may no longer be securely protected.

[0262] For example, it is generally possible for someone to make an analog recording of program material initially delivered in digital form. Some analog recordings based on digital originals are of quite good quality. For example, a Digital Versatile Disk (“DVD”) player may convert a movie from digital to analog format and provide the analog signal to a high quality analog home VCR. The home VCR records the analog signal. A consumer now has a high quality analog copy of the original digital property. A person could re-record the analog signal on a DVD-RAM. This recording will in many circumstances have substantial quality—and would no longer be subject to “pay per view” or other digital rights management controls associated with the digital form of the same content.

[0263] Since analog formats will be with us for a long time to come, rightsholders such as film studios, video rental and distribution companies, music studios and distributors, and other value chain participants would very much like to have significantly better rights management capabilities for analog film, video, sound recordings and other content. Solving this problem generally requires a way to securely associate rights management information with the content being protected.

[0264] In combination with other rights management capabilities, watermarking and/or fingerprinting may provide “end to end” secure rights management protection that allows content providers and rights holders to be sure their content will be adequately protected—irrespective of the types of devices, signaling formats and nature of signal processing within the content distribution chain. This “end to end” protection also allows authorized analog appliances to be easily, seamlessly and cost-effectively integrated into a modern digital rights management architecture.

[0265] Watermarking and/or fingerprinting may carry, for example, control information that can be a basis for a Virtual Distribution Environment (“VDE”) in which electronic rights management control information may be delivered over insecure (e.g., analog) communications channels. This Virtual Distribution Environment is highly flexible and convenient, accommodating existing and new business models while also providing an unprecedented degree of flexibility in facilitating ad hoc creation of new arrangements and relationships between electronic commerce and value chain participants—regardless of whether content is distributed in digital and/or analog formats.

[0266] Watermarking together with distributed, peer-to-peer rights management technologies provides numerous advantages, including, but not limited to:

[0267] An indelible and invisible, secure technique for providing rights management information.

[0268] An indelible method of associating electronic commerce and/or rights management controls with analog content such as film, video, and sound recordings.

[0269] Persistent association of the commerce and/or rights management controls with content from one end of a distribution system to the other—regardless of the number and types of transformations between signaling formats (for example, analog to digital, and digital to analog).

[0270] The ability to specify “no copy/one copy/many copies” rights management rules, and also more complex rights and transaction pricing models (such as, for example, “pay per view” and others).

[0271] The ability to fully and seamlessly integrate with comprehensive, general electronic rights management solutions.

[0272] Secure control information delivery in conjunction with authorized analog and other non-digital and/or non-secure information signal delivery mechanisms.

[0273] The ability to provide more complex and/or more flexible commerce and/or rights management rules as content moves from the analog to the digital realm and back.

[0274] The flexible ability to communicate commerce and/or rights management rules implementing new, updated, or additional business models to authorized analog and/or digital devices.

[0275] Any or all of these features may be used in combination in and/or with the inventions disclosed in the present specification.

[0276] Briefly, watermarking and/or fingerprinting methods may, using “steganographical” techniques, substantially indelibly and substantially invisibly encode rights management and/or electronic commerce rules and controls within an information signal such as, for example, an analog signal or a digitized (for example, sampled) version of an analog signal, non-limiting examples of which may include video and/or audio data, that is then decoded and utilized by the local appliance. The analog information and steganographically encoded rights management information may be transmitted via many means, non-limiting examples of which may include broadcast, cable TV, and/or physical media, VCR tapes, to mention one non-limiting example. Any or all of these techniques may be used in combination in accordance with the inventions disclosed herein.

[0277] Watermarking and/or fingerprinting methods enable at least some rights management information to survive transformation of the video and/or other information from analog to digital and from digital to analog format. Thus in one example, two or more analog and/or digital appliances may participate in an end-to-end fabric of trusted, secure rights management processes and/or events.

Example, More Capable Embodiments

[0278] As discussed above, the example control set shown in FIG. 3B provides a comprehensive, flexible and extensible set of controls for use by both player 52 and computer equipment 62 (or other platform) depending upon the particular technical, security and other capabilities of the platform. In this example, player 52 has only limited technical and security capabilities in order to keep cost and complexity down in a mass-produced consumer item, and therefore may essentially ignore or fail to enable some or all of the controls 222 provided within control set 204. In another example, the cost of memory and/or processors may continue to decline and manufacturers may choose to expand the technical and security capabilities of player 52. A more capable player 52 will provide more powerful, robust, and flexible rights management capabilities.

[0279] FIG. 5 shows an example arrangement permitting platform 60 including secure node 72 to have enhanced and/or different capabilities to use information and/or rights management information on disk 100, and FIG. 6 shows an example access technique provided by the secure node. Referring to FIG. 5, secure node 72 may be coupled to a network 150 whereas player 52 may not be—giving the secure node great additional flexibility in terms of communicating security related information such as audit trails, compensation related information such as payment requests or orders, etc. This connection of secure node 72 to network 150 (which may be replaced in any given application by some other communications technique such as insertion of a replaceable memory cartridge) allows secure node 72 to receive and securely maintain rights management control information such as an additional container 206′ containing an additional control set 204′. Secure node 72 may use control set 204′ in addition or in lieu of a control set 204 stored on disk 100. Secure node 72 may also maintain a secure cryptographic key store 212 that may provide cryptographic keys to be used in lieu of or in addition to any keys 208, 210 that may be stored on disk 100. Because of its increased security and/or technical capabilities, secure node 72 may be able to use controls 222 within control set 204 that player 52 ignores or cannot use—and may be provided with further and/or enhanced rights and/or rights management capabilities based on control set 204′ (which the user may, for example, order specially and which may apply to particular properties 200 stored on disk 100 and/or particular sets of disks).

Example Secure Node Access Techniques

[0280] The FIG. 6 example access technique (which may be performed by platform 60 employing secure node 72, for example) involves, in this particular example, the secure node 72 fetching property identification information 220 from disk 100 (FIG. 6, block 502), and then locating applicable control sets and/or rules 204 (which may be stored on disk 100, within secure node 72, within one or more repositories the secure node 72 accesses via network 150, and/or a combination of any or all of these techniques) (FIG. 6, block 504). Secure node 72 then loads the necessary decryption keys and uses them to decrypt information as required (FIG. 6, block 506). In one example, secure node 72 obtains the necessary keys from secure containers 206 and/or 206′ and maintains them within a protected processing environment such as SPU 164 or a software-emulated protected processing environment without exposing them externally of that environment. In another example, the secure node 72 may load the necessary keys (or a subset of them) into disk drive 82′ using a secure key exchange protocol for use by the disk drive in decrypting information much in the same manner as would occur within player 52 in order to maintain complete compatibility in drive hardware.

[0281] Secure node 72 may monitor user inputs and perform requested actions based on the particular control set 204, 204′. For example, upon receiving a user request, secure node 72 may query the control set 204, 204′ to determine whether it (they) permits the action the user has requested (FIG. 6, block 508) and, if permitted, whether conditions for performing the requested operation have been satisfied (FIG. 6, block 510). In this example, secure node 72 may effect the operations necessary to satisfy any such required conditions such as by, for example, debiting a user's locally-stored electronic cash wallet, securely requesting an account debit via network 150, obtaining and/or checking user certificates to ensure that the user is within an appropriate class or is who he or she says he is, etc.—using network 150 as required (FIG. 6, block 510). Upon all necessary conditions being satisfied, secure node 72 may perform the requested operation (and/or enable microprocessor 154 to perform the operation) (e.g., to release content) and may then generate secure audit records which can be maintained by the secure node and/or reported at the time or later via network 150 (FIG. 6, block 512).
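The decision path of FIG. 6, blocks 508 to 512 (permission check, condition check, debit, audit record) is sketched below as an added example that is not part of the patent. The rule fields, outcome strings, sample control sets and the HMAC-chained audit log are assumptions; the text says only that "secure audit records" are generated, and this sketch also logs denials, which the text does not require.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str
    price_cents: int = 0               # compensation condition
    user_class: Optional[str] = None   # class a user certificate must assert


# Constructed inputs: a control set 204 read from the disk and an additional
# control set 204' received over the network.
DISK_CONTROL_SET = [Rule("copy"), Rule("excerpt", user_class="journalist")]
NETWORK_CONTROL_SET = [Rule("public_performance", price_cents=300)]


@dataclass
class SecureNode:
    audit_key: bytes      # assumed to stay inside the protected environment
    wallet_cents: int     # locally stored electronic cash wallet
    rules: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def add_control_set(self, rules):
        """Merge a control set; a later set replaces an earlier rule per action."""
        for rule in rules:
            self.rules[rule.action] = rule

    def _append_audit(self, event):
        # Each tag covers the previous tag, so editing or reordering earlier
        # records breaks every tag that follows.
        prev = self.audit[-1]["tag"] if self.audit else ""
        body = json.dumps(event, sort_keys=True)
        tag = hmac.new(self.audit_key, (prev + body).encode(),
                       hashlib.sha256).hexdigest()
        self.audit.append({"event": event, "tag": tag})

    def request(self, action, property_id, user_classes=frozenset()):
        rule = self.rules.get(action)
        charged = 0
        if rule is None:                                   # block 508
            outcome = "denied:not_permitted"
        elif rule.user_class is not None and rule.user_class not in user_classes:
            outcome = "denied:user_class"                  # block 510
        elif rule.price_cents > self.wallet_cents:
            outcome = "denied:insufficient_funds"          # block 510
        else:
            # Debit only after every other condition has passed.
            charged = rule.price_cents
            self.wallet_cents -= charged
            outcome = "performed"                          # block 512
        self._append_audit({"action": action, "property": property_id,
                            "outcome": outcome, "charged": charged})
        return outcome


def verify_audit(audit, key):
    """Recompute the tag chain; False if any record was altered or reordered."""
    prev = ""
    for record in audit:
        body = json.dumps(record["event"], sort_keys=True)
        want = hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, record["tag"]):
            return False
        prev = record["tag"]
    return True
```

The certificate check runs before the funds check and the debit, so a request that fails any condition leaves the wallet untouched.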

[0282] If the requested operation is to release content (e.g., make a copy of the content), platform 60 (or player 52 in the example above) may perform the requested operation based at least in part on the particular controls that enforce rights over the content. For example, the controls may prevent platform 60 from releasing content except to certain types of output devices that cannot be used to copy the content, or they may release the content in a way that discourages copying (e.g., by “fingerprinting” the copy with an embedded designation of who created the copy, by intentionally degrading the released content so that any copies made from it will be inferior, etc.). As one specific example, a video cassette recorder (not shown) connected to platform 60 may be the output device used to make the copy. Because present generations of analog devices such as video cassette recorders are incapable of making multigenerational copies without significant loss in quality, the content provider may provide controls that permit content to be copied by such analog devices but not by digital devices (which can make an unlimited number of copies without quality loss). For example, platform 60 may, under control of digital controls maintained by secure node 72, release content to the video cassette recorder only after the video cassette recorder supplies the platform a digital ID that designates the output device as a video cassette recorder—and may refuse to provide any output at all unless such a digital ID identifying the output device as a lower quality analog device is provided. Additionally or in the alternative, platform 60 may intentionally degrade the content it supplies to the video cassette recorder to ensure that no acceptable second-generation copies will be made. In another example, more comprehensive rights management information may be encoded by platform 60 in the analog output using watermarking and/or fingerprinting.

Additional Examples of Secure Container Usage

[0283] FIG. 7 shows a basic example of a DVD medium 700 containing a kind of secure container 701 for use in DVDs in accordance with the present invention. As shown in this example, container 701 (“DigiBox for DVDs”) could be a specialized version of a “standard” container tailored especially for use with DVD and/or other media, or it could, alternatively (in an arrangement shown later in FIG. 8), be a fully “standard” container. As shown in this example, the specialized container 701 incorporates features that permit it to be used in conjunction with content information, metadata, and cryptographic and/or protection information that is stored on the DVD medium 700 in the same manner as would have been used had container 701 not been present. Thus, specialized container 701 provides compatibility with existing data formats and organizations used on DVDs and/or other media. In addition, a specialized container 701 can be tailored to support only those features necessary for use in support of DVD and/or other media, so that it can be processed and/or manipulated using less powerful or less expensive computing resources than would be required for complete support of a “standard” container object.

[0284] In this example, specialized “DVD only” container 701 includes a content object (a property) 703 which includes an “external reference” 705 to video title content 707, which may be stored on the DVD and/or other medium in the same manner as would have been used for a medium not including container 701. The video title content 707 may include MPEG-2 and/or AC-3 content 708, as well as scrambling (protection) information 710 and header, structure and/or meta data 711. External reference 705 contains information that “designates” (points to, identifies, and/or describes) specific external processes to be applied/executed in order to use content and other information not stored in container 701. In this example, external reference 705 designates video title content 707 and its components 708, 710, and 711. Alternatively, container 701 could store some or all of the video title content in the container itself, using a format and organization that is specific to container 701, rather than the standard format for the DVD and/or other medium 700.

[0285] In this example, container 701 also includes a control object (control set) 705 that specifies the rules that apply to use of video title content 707. As indicated by solid arrow 702, control object 705 “applies to” content object (property) 703. As shown in this example, rule 704 can specify that protection processes, for example CGMA or the Matsushita data scrambling process, be applied, and can designate, by external reference 709 contained in rule 704, data scrambling information 710 to be used in carrying out the protection scheme. The shorthand “do CGMA” description in rule 704 indicates that the rule requires that the standard CGMA protection scheme used for content on DVD media is to be used in conjunction with video title content 707, but a different example could specify arbitrary other rules in control object 705 in addition to or instead of the “do CGMA” rule, including other standard DVD protection mechanisms such as the Matsushita data scrambling scheme and/or other rights management mechanisms. External reference 709 permits rule 704 to be based on protection information 710 that is stored and manipulated in the same format and manner as for a DVD medium that does not incorporate container 701 and/or protection information that is meaningful only in the context of processing container 701.

[0286] FIG. 8 shows an example of a DVD medium 800 containing a “standard” secure container 801. In this example, the “standard” container provides all of the functionality (if desired) of the FIG. 7 container, but may offer additional and/or more extensive rights management and/or content use capabilities than available on the “DVD only” container (e.g., the capacity to operate with various different platforms that use secure nodes).

[0287] FIG. 9 shows a more complex example of DVD medium 800 having a standard container 901 that provides all of the functionality (if desired) of the FIG. 7 container, and that can function in concert with other standard containers 902 located either on the same DVD medium or imported from another remote secure node or network. In this example, standard container 902 may include a supplementary control object 904 which applies to content object 903 of standard container 901. Also in this example, container 902 may provide an additional rule(s) such as, for example, a rule permitting/extending rights to allow up to a certain number (e.g., five) copies of the content available on DVD 900. This arrangement, for example, provides added flexibility in controlling rights management of DVD content between multiple platforms via access through “backchannels” such as via a set-top box or other hardware having bi-directional communications capabilities with other networks or computers.

Additional Use of a DVD Disk with a Secure Container

[0288] FIG. 10 illustrates the use of a “new” DVD disk, i.e., one that includes a special DVD secure container in the medium. This container may, in one example, be used for two possible use scenarios: a first situation in which the disk is used on an “old” player (DVD appliance, i.e., a DVD appliance that is not equipped with a secure node to provide rights management in accordance with the present invention); and a second situation in which the disk is used on a “new” player—i.e., a DVD appliance which is equipped with a secure node to provide rights management in accordance with the present invention. In this example, a secure node within the “new” player is configured with the necessary capabilities to process other copy protection information such as, for example, CGMA control codes and data scrambling formats developed and proposed principally by Matsushita.

[0289] For example, in the situation shown in FIG. 10, the “new” player (which incorporates a secure node in accordance with the present invention) can recognize the presence of a secure container on the disk. The player may then load the special DVD secure container from the disk into the resident secure node. The secure node opens the container, and implements and/or enforces appropriate rules and usage consequences associated with the content by applying rules from the control object. These rules are extremely flexible. In one example, the rules may, for example, call for use of other protection mechanisms (such as, for example, CGMA protection codes and Matsushita data scrambling) which can be found in the content (or property) portion of the container.

[0290] In another example shown in FIG. 10, the special DVD container on the disk still allows the “old” player to use to a predetermined limited amount content material which may be used in accordance with conventional practices.

Example Use of a DVD Disk with No Secure Container

[0291] Referring now to FIG. 11, a further scenario is discussed. FIG.11 illustrates use of an “old” DVD disk with two possible use examples:a first example in which the disk is used on an “old” player—i.e., a DVDappliance that is not equipped with a secure node for providing rightsmanagement in accordance with the present invention—and a second examplein which the disk is used on a “new” player (i.e., equipped with asecure node).

[0292] In the first case, the “old” player will play the DVD content in a conventional manner. In the second scenario, the “new” player will recognize that the disk does not have a container stored in the medium. It therefore constructs a “virtual” container in resident memory of the appliance. To do this, it constructs a container content object, and also constructs a control object containing the appropriate rules. In one particular example, the only applicable rule it need apply is to “do CGMA”, but in other examples, additional and/or different rules could be employed. The virtual container is then provided to the secure node within the “new” player for implementing management of use rights in accordance with the present invention. Although not shown in FIGS. 10 and 11, use of “external references” may also be provided in both virtual and non-virtual containers used in the DVD context.
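The four disk/player combinations of FIGS. 10 and 11 can be traced in a short Python sketch. This is an added example, not code from the specification: the class names, the `play` function, the capability set and the label "Matsushita descramble" are assumptions, and the container is modelled as a plain object with none of the cryptographic encapsulation the specification describes.

```python
from dataclasses import dataclass
from typing import Optional

RULE_CGMA = "do CGMA"                      # rule named in paragraph [0292]
RULE_DESCRAMBLE = "Matsushita descramble"  # hypothetical label for the scrambling rule
RULE_PRICE = "price for performance"       # rule type named in the abstract


@dataclass
class ControlObject:
    rules: tuple            # rights management rules carried by the container


@dataclass
class Container:
    content: bytes          # content (property) portion
    control: ControlObject
    virtual: bool = False   # True when built in appliance memory, not read from disk


@dataclass
class Disk:
    conventional_content: bytes            # what an "old" player can use conventionally
    container: Optional[Container] = None  # None models an "old" disk


class SecureNode:
    """Secure node of a "new" player; enables the subset of rules it is capable of."""

    def __init__(self, capabilities):
        self.capabilities = frozenset(capabilities)

    def open_and_enforce(self, container):
        rules = container.control.rules
        return {
            "path": "secure node",
            "virtual": container.virtual,
            "enforced": [r for r in rules if r in self.capabilities],
            "not_enabled": [r for r in rules if r not in self.capabilities],
            "content": container.content,
        }


def play(disk, secure_node=None):
    """Return how a player handles a disk. secure_node=None models an "old" player."""
    if secure_node is None:
        # "Old" player: ignores any container and plays in the conventional manner.
        return {"path": "conventional", "virtual": False, "enforced": [],
                "not_enabled": [], "content": disk.conventional_content}
    container = disk.container
    if container is None:
        # "Old" disk on a "new" player: construct a virtual container whose
        # control object carries the single rule "do CGMA".
        container = Container(content=disk.conventional_content,
                              control=ControlObject((RULE_CGMA,)),
                              virtual=True)
    return secure_node.open_and_enforce(container)


# Constructed sample disks and a constructed low-capability secure node.
NEW_DISK = Disk(b"limited portion",
                Container(b"full title",
                          ControlObject((RULE_CGMA, RULE_DESCRAMBLE, RULE_PRICE))))
OLD_DISK = Disk(b"movie")
HOME_PLAYER_NODE = SecureNode({RULE_CGMA, RULE_DESCRAMBLE})

if __name__ == "__main__":
    for disk_name, disk in (("new disk", NEW_DISK), ("old disk", OLD_DISK)):
        for player_name, node in (("old player", None), ("new player", HOME_PLAYER_NODE)):
            print(disk_name, "/", player_name, "->", play(disk, node))
```
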

Example Illustrative Arrangements for Sharing, Brokering and Combining Rights when Operating in at Least Occasionally Connected Scenarios

[0293] As described above, the rights management resources of several different devices and/or other systems can be flexibly combined in diverse logical and/or physical relationships, resulting for example in greater and/or differing rights. Such rights management resource combinations can be effected through connection to one or more remote rights authorities. FIGS. 12-14 show some non-limiting examples of how rights authorities can be used in various contexts.

[0294] For example, FIG. 12 shows a rights authority broker 1000 connected to a local area network (LAN) 1002. LAN 1002 may connect to a wide area network if desired. LAN 1002 provides connectivity between rights authority broker 1000 and any number of appliances such as for example a player 50, a personal computer 60, a CD “tower” type server 1004. In the example shown, LAN 1002 includes a modem pool (and/or network protocol server, not shown) 1006 that allows a laptop computer 1008 to connect to the rights authority broker 1000 via dial-up lines 1010. Alternatively, laptop 1008 could communicate with rights authority broker 1000 using other network and/or communication means, such as the Internet and/or other Wide Area Networks (WANs). A disk player 50A may be coupled to laptop 1008 at the laptop location. In accordance with the teachings above, any or all of devices shown in FIG. 12 may include one or more secure nodes 72.

[0295] Rights authority broker 1000 may act as an arbiter and/or negotiator of rights. For example, laptop 1008 and associated player 50A may have only limited usage rights when operating in a stand-alone configuration. However, when laptop 1008 connects to rights authority broker 1000 via modem pool 1006 and LAN 1002 and/or by other communication means, the laptop may acquire different and/or expanded rights to use disks 100 (e.g., availability of different content portions, different pricing, different extraction and/or redistribution rights, etc.). Similarly, player 50, equipment 60 and equipment 1004 may be provided with an enhanced and/or different set of disk usage rights through communication with rights authority broker 1000 over LAN 1002. Communication to and from rights authority broker 1000 is preferably secured through use of containers of the type disclosed in the above-referenced Ginter et al. patent specification.

[0296] FIG. 13 shows another example use of a rights authority broker 1000 within a home environment. In this example, the laptop computer 1008 may be connected to a home-based rights authority broker 1000 via a high speed serial IEEE 1394 bus and/or by other electronic communication means. In addition, rights authority broker 1000 can connect with any or all of:

[0297] a high definition television 1100,

[0298] one or more loudspeakers 1102 or other audio transducers,

[0299] one or more personal computers 60,

[0300] one or more set-top boxes 1030,

[0301] one or more disk players 50,

[0302] one or more other rights authority brokers 1000A-1000N and

[0303] any other home or consumer equipment or appliances.

[0304] Any or all of the equipment listed above may include a secure node 72.

[0305] FIG. 14 shows another example use of a rights authority broker 1000. In this example, rights authority broker 1000 is connected to a network 1020 such as a LAN, a WAN, the Internet, etc. Network 1020 may provide connectivity between rights authority broker 1000 and any or all of the following equipment:

[0306] one or more connected or occasionally connected disk players 50A, 50B;

[0307] one or more networked computers 1022;

[0308] one or more disk reader towers/servers 1004;

[0309] one or more laptop computers 1008;

[0310] one or more Commerce Utility Systems such as a rights and permissions clearinghouse 1024 (see Shear et al., “Trusted Infrastructure . . . ” specification referenced above);

[0311] one or more satellite or other communications uplinks 1026;

[0312] one or more cable television head-ends 1028;

[0313] one or more set-top boxes 1030 (which may be connected to satellite downlinks 1032 and/or disk players 50C);

[0314] one or more personal computer equipment 60;

[0315] one or more portable disk players 1034 (which may be connected through other equipment, directly, and/or occasionally unconnected);

[0316] one or more other rights authority brokers 1000A-1000N; and

[0317] any other desired equipment.

[0318] Any or all of the above-mentioned equipment may include one or more secure nodes 72. Rights authority broker 1000 can distribute and/or combine rights for use by any or all of the other components shown in FIG. 14. For example, rights authority broker 100 can supply further secure rights management resources to equipment connected to the broker via network 1020. Multiple equipment shown in FIG. 14 can participate and work together in a permanently or temporarily connected network 1020 to share the rights management for a single node. Rights associated with parties and/or groups using and/or controlling such multiple devices and/or other systems can be employed according to underlying rights related rules and controls. As one example, rights available through a corporate executive's laptop computer 1008 might be combined with or substituted for, in some manner, the rights of one or more subordinate corporate employees when their computing or other devices 60 are coupled to network 1020 in a temporary networking relationship. In general, this aspect of the invention allows distributed rights management for DVD or otherwise packaged and delivered content that is protected by a distributed, peer-to-peer rights management. Such a distributed rights management can operate whether the DVD appliance or other content usage device is participating in a permanently or temporarily connected network 1020, and whether or not the relationships among the devices and/or other systems participating in the distributed rights management arrangement are relating temporarily or have a more permanent operating relationship.

[0319] For example, laptop computer 1008 may have different rights available depending on the context in which that device is operating. For example, in a general corporate environment such as shown in FIG. 12, the laptop 1008 may have one set of rights. However, the same laptop 1008 may be given a different set of rights when connected to a more general network 1020 in collaboration with specified individuals and/or groups in a corporation. The same laptop 1008 may be given a still different set of rights when connected in a general home environment such as shown by example in FIG. 13. The same laptop 1008 could be given still different rights when connected in still other environments such as, by way of non-limiting example:

[0320] a home environment in collaboration with specified individuals and/or groups,

[0321] a retail environment,

[0322] a classroom setting as a student,

[0323] a classroom setting in collaboration with an instructor, in a library environment,

[0324] on a factory floor,

[0325] on a factory floor in collaboration with equipment enabled to perform proprietary functions, and so on.

[0326] As one more particular example, coupling a limited resource device arrangement such as a DVD appliance 50 shown in FIG. 14 with an inexpensive network computer (NC) 1022 may allow an augmenting (or replacing) of rights management capabilities and/or specific rights of parties and/or devices by permitting rights management to be a result of a combination of some or all of the rights and/or rights management capabilities of the DVD appliance and those of a Network or Personal Computer (NC or PC). Such rights may be further augmented, or otherwise modified or replaced by the availability of rights management capabilities provided by a trusted (secure) remote network rights authority 1000.

[0327] The same device, in this example a DVD appliance 50, can thus support different arrays, e.g., degrees, of rights management capabilities, in disconnected and connected arrangements and may further allow available rights to result from the availability of rights and/or rights management capabilities resulting from the combination of rights management devices and/or other systems. This may include one or more combinations of some or all of the rights available through the use of a “less” secure and/or resource poor device or system which are augmented, replaced, or otherwise modified through connection with a device or system that is “more” or “differently” secure and/or resource rich and/or possesses differing or different rights, wherein such connection employs rights and/or management capabilities of either and/or both devices as defined by rights related rules and controls that describe a shared rights management arrangement.

[0328] In the latter case, connectivity to a logically and/or physically remote rights management capability can expand (by, for example, increasing the available secure rights management resources) and/or change the character of the rights available to the user of the DVD appliance 50 or a DVD appliance when such device is coupled with an NC 1022, personal computer 60, and/or remote rights authority 1000. In this rights augmentation scenario, additional content portions may be available, pricing may change, redistribution rights may change (e.g., be expanded), content extraction rights may be increased, etc.

[0329] Such “networking rights management” can allow for a combination of rights management resources of plural devices and/or other systems in diverse logical and/or physical relationships, resulting in either greater or differing rights through the enhanced resources provided by connectivity with one or more “remote” rights authorities. Further, while providing for increased and/or differing rights management capability and/or rights, such a connectivity based rights management arrangement can support multi-locational content availability, by providing for seamless integration of remotely available content, for example, content stored in remote, Internet world wide web-based, database supported content repositories, with locally available content on one or more DVD discs 100.

[0330] In this instance, a user may experience not only increased or differing rights but may be able to use both local DVD content and supplementing content (i.e., content that is more current from a time standpoint, more costly, more diverse, or complementary in some other fashion, etc.). In such an instance, a DVD appliance 50 and/or a user of a DVD appliance (or other device or system connected to such appliance) may have the same rights, differing, and/or different rights applied to locally and remotely available content, and portions of local and remotely available content may themselves be subject to differing or different rights when used by a user and/or appliance. This arrangement can support an overall, profound increase in user content opportunities that are seamlessly integrated and efficiently available to users in a single content searching and/or usage activity.

[0331] Such a rights augmenting remote authority 1000 may be directly coupled to a DVD appliance 50 and/or other device by modem (see item 1006 in FIG. 12) and/or directly or indirectly coupled through the use of an I/O interface, such as a serial 1394 compatible controller (e.g., by communicating between a 1394 enabled DVD appliance and a local personal computer that functions as a smart synchronous or asynchronous information communications interface to such one or more remote authorities, including a local PC 60 or NC 1022 that serves as a local rights management authority augmenting and/or supplying the rights management in a DVD appliance) and/or by other digital communication means such as wired and/or wireless network connections.

[0332] Rights provided to, purchased, or otherwise acquired by a participant and/or participant DVD appliance 50 or other system can be exchanged among such peer-to-peer relating devices and/or other systems so long as they participate in a permanently or temporarily connected network 1020. In such a case, rights may be bartered, sold for currency, otherwise exchanged for value, and/or loaned so long as such devices and/or other systems participate in a rights management system, for example, such as the Virtual Distribution Environment described in Ginter, et al., and employ rights transfer and other rights management capabilities described therein. For example, this aspect of the present invention allows parties to exchange games or movies in which they have purchased rights. Continuing the example, an individual might buy some of a neighbor's usage rights to watch a movie, or transfer to another party credit received from a game publisher for the successful superdistribution of the game to several acquaintances, where such credit is transferred (exchanged) to a friend to buy some of the friend's rights to play a different game a certain number of times, etc.

[0333] Example Virtual Rights Process

[0334] FIGS. 15A-15C show an example of a process in which rights management components of two or more appliances or other devices establish a virtual rights machine environment associated with an event, operation and/or other action. The process may be initiated in a number of ways. In one example, an appliance user (and/or computer software acting on behalf of a user, group of users, and/or automated system for performing actions) performs an action with a first appliance (e.g., requesting the appliance to display the contents of a secure container, extract a portion of a content element, run a protected computer program, authorize a work flow process step, initiate an operation on a machine tool, play a song, etc.) that results in the activation of a rights management component associated with such first appliance (FIG. 15A, block 1500). In other examples, the process may get started in response to an automatically generated event (e.g., based on a time of day or the like), a random or pseudo-random event, and/or a combination of such events with a user-initiated event.

[0335] Once the process begins, a rights management component such as a secure node 72 (for example, an SPE and/or HPE as disclosed in Ginter et al.) determines which rights associated with such first appliance, if any, the user has available with respect to such an action (FIG. 15A, block 1502). The rights management component also determines the coordinating and/or cooperating rights associated with such an action available to the user located in whole or in part on other appliances (FIG. 15A, block 1502).

[0336] In one example, these steps may be performed by securely delivering a request to a rights authority server 1000 that identifies the first appliance, the nature of the proposed action, and other information required or desired by such a rights authority server. Such other information may include, for example:

[0337] the date and time of the request,

[0338] the identity of the user,

[0339] the nature of the network connection,

[0340] the acceptable latency of a response, etc., and/or

[0341] any other information.

[0342] In response to such a request, the rights authority server 1000 may return a list (or other appropriate structure) to the first appliance. This list may, for example, contain the identities of other appliances that do, or may, have rights and/or rights related information relevant to such a proposed action.

[0343] In another embodiment, the first appliance may communicate (e.g., poll) a network with requests to other appliances that do, or may, have rights and/or rights related information relevant to such proposed action. Polling may be desirable in cases where the number of appliances is relatively small and/or changes infrequently. Polling may also be useful, for example, in cases where functions of a rights authority server 1000 are distributed across several appliances.

[0344] The rights management component associated with the first appliance may then, in this example, check the security level(s) (and/or types) of devices and/or users of other appliances that do, or may, have rights and/or rights related information relevant to such an action (FIG. 15A, block 1506). This step may, for example, be performed in accordance with the security level(s) and/or device type management techniques disclosed in Sibert and Van Wie, and the user rights, secure name services and secure communications techniques disclosed in Ginter et al. Device and/or user security level determination may be based, for example, in whole or in part on device and/or user class.

[0345] The rights management component may then make a decision as to whether each of the other appliance devices and/or users have a sufficient security level to cooperate in forming the set of rights and/or rights related information associated with such an action (FIG. 15A, block 1508). As each appliance is evaluated, some devices and/or users may have sufficient security levels, and others may not. In this example, if a sufficient security level is not available (“No” exit to decision block 1508), the rights management component may create an audit record (for example, an audit record of the form disclosed in Ginter et al.) (FIG. 15A, block 1510), and may end the process (FIG. 15A, block 1512). Such audit record may be for either immediate transmission to a responsible authority and/or for local storage and later transmission, for example. The audit recording step may include, as one example, incrementing a counter that records security level failures (such as the counters associated with summary services in Ginter et al.). If the devices and/or users provide the requisite security level (“Yes” exit to block 1508), the rights management component in this example may make a further determination based on the device and/or user class(es) and/or other configuration and/or characteristics (FIG. 15B, block 1514). Such determination may be based on any number of factors such as for example:

[0346] the device is accessible only through a network interface that has insufficient throughput;

[0347] devices in such a class typically have insufficient resources to perform the action, or relevant portion of the action, at all or with acceptable performance, quality, or other characteristics;

[0348] the user class is inappropriate due to various conditions (e.g., age, security clearance, citizenship, jurisdiction, or any other class-based or other user characteristic); and/or other factors.

[0349] In one example, decision block 1514 may be performed in part by presenting a choice to the user that the user declines.

[0350] If processes within the rights management component determine that such device and/or user class(es) are inappropriate (“No” exit to block 1514), the rights management component may write an audit record if required or desired (FIG. 15B, block 1516) and the process may end (FIG. 15B, block 1518).

[0351] If, on the other hand, the rights management component determines that the device and/or user classes are appropriate to proceed (“Yes” exit to block 1514), the rights management component may determine the rights and resources available for performing the action on the first appliance and the other appliances acting together (FIG. 15B, block 1520). This step may be performed, for example, using any or all of the method processing techniques disclosed in Ginter et al. For example, method functions may include event processing capabilities that formulate a request to each relevant appliance that describes, in whole or in part, information related to the action, or portion of the action, potentially suitable for processing, in whole or in part, by such appliance. In this example, such requests, and associated responses, may be managed using the reciprocal method techniques disclosed in Ginter et al. If such interaction requires additional information, or results in ambiguity, the rights management component may, for example, communicate with the user and allow them to make a choice, such as making a choice among various available, functionally different options, and/or the rights management component may engage in a negotiation (for example, using the negotiation techniques disclosed in Ginter et al.) concerning resources, rights and/or rights related information.

[0352] The rights management component next determines whether there are sufficient rights and/or resources available to perform the requested action (FIG. 15B, decision block 1522). If there are insufficient rights and/or resources available to perform the action (“No” exit to block 1522), the rights management component may write an audit record (FIG. 15B, block 1524), and end the process (FIG. 15B, block 1526).

[0353] In this example, if sufficient rights and/or resources are available (“Yes” exit to block 1522), the rights management component may make a decision regarding whether additional events should be processed in order to complete the overall action (FIG. 15B, block 1528). For example, it may not be desirable to perform only part of the overall action if the necessary rights and/or resources are not available to complete the action. If more events are necessary and/or desired (“Yes” exit to block 1528), the rights management component may repeat blocks 1520, 1522 (and potentially perform blocks 1524, 1526) for each such event.

[0354] If sufficient rights and/or resources are available for each of the events (“No” exit to block 1528), the rights management component may, if desired or required, present a user with a choice concerning the available alternatives for rights and/or resources for performing the action (FIG. 15B, block 1530). Alternatively and/or in addition, the rights management component may rely on user preference information (and/or defaults) to “automatically” make such a determination on behalf of the user (for example, based on the overall cost, performance, quality, etc.). In another embodiment, the user's class, or classes, may be used to filter or otherwise aid in selecting among available options. In still another embodiment, artificial intelligence (including, for example, expert systems techniques) may be used to aid in the selection among alternatives. In another embodiment, a mixture of any or all of the foregoing (and/or other) techniques may be used in the selection process.

[0355] If there are no acceptable alternatives for rights and/or resources, or because of other negative aspects of the selection process (e.g., a user presses a “Cancel” button in a graphical user interface, a user interaction process exceeds the available time to make such a selection, etc.), (“No” exit to block 1530) the rights management component may write an audit record (FIG. 15B, block 1532), and end the process (FIG. 15B, block 1534).

[0356] On the other hand, if a selection process identifies one or more acceptable sets of rights and/or resources for performing the action and the decision to proceed is affirmative (“Yes” exit to block 1530), the rights management component may perform the proposed action using the first appliance alone or in combination with any additional appliances (e.g., a rights authority 1000, or any other connected appliance) based on the selected rights and/or resources (FIG. 15C, block 1536). Such cooperative implementation of the proposed actions may include for example:

[0357] performing some or all of the action with the first appliance;

[0358] performing some or all of the action with one or more appliances other than the first appliance (e.g., a rights authority 1000 and/or some other appliance);

[0359] performing part of the action with the first appliance and part of the action with one or more other appliances; or

[0360] any combination of these.

[0361] For example, this step may be performed using the event processing techniques disclosed in Ginter et al.

[0362] As one illustrative example, the first appliance may have all of the resources necessary to perform a particular task (e.g., read certain information from an optical disk), but may lack the rights necessary to do so. In such an instance, the first appliance may obtain the additional rights it requires to perform the task through the steps described above. In another illustrative example, the first appliance may have all of the rights required to perform a particular task, but it may not have the resources to do so. For example, the first appliance may not have sufficient hardware and/or software resources available to it for accessing, processing or otherwise using information in certain ways. In this example, step 1536 may be performed in whole or in part by some other appliance or appliances based in whole or in part on rights supplied by the first appliance. In still another example, the first appliance may lack both rights and resources necessary to perform a certain action, and may rely on one or more additional appliances to supply such resources and rights.

[0363] In this example, the rights management component may, upon completion of the action, write one or more audit records (FIG. 15C, block 1538), and the process may end (FIG. 15C, block 1540).
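The decision flow of FIGS. 15A-15C can be traced in a short Python sketch. This is an added example, not code from the specification or from Ginter et al.: the appliance fields, numeric security levels, class names and sample appliances are assumptions, as is the reading that the process ends at blocks 1512 or 1518 only when no peer appliance qualifies.

```python
from dataclasses import dataclass, field


@dataclass
class Appliance:
    name: str
    security_level: int              # assumed numeric scale, higher is more secure
    device_class: str
    rights: frozenset = frozenset()
    resources: frozenset = frozenset()


@dataclass
class Result:
    ended_at: int = 0                # FIG. 15 block number at which the process ended
    performed: bool = False
    plan: dict = field(default_factory=dict)   # event -> (rights holder, resource holder)
    audit: list = field(default_factory=list)  # (audit block number, message)
    security_failures: int = 0       # counter of security level failures


def _holder(pool, attr, needed):
    """Name of the first appliance in pool whose rights/resources include needed."""
    for appliance in pool:
        if needed in getattr(appliance, attr):
            return appliance.name
    return None


def virtual_rights_process(first, peers, events, min_level, allowed_classes,
                           user_accepts=True):
    """events: list of (event name, right required, resource required)."""
    res = Result()

    def end(audit_block, end_block, message):
        res.audit.append((audit_block, message))
        res.ended_at = end_block
        return res

    # Blocks 1506/1508: check each peer's security level, counting failures.
    trusted = []
    for peer in peers:
        if peer.security_level >= min_level:
            trusted.append(peer)
        else:
            res.security_failures += 1
    if not trusted:
        return end(1510, 1512, "no peer has a sufficient security level")

    # Block 1514: device class check on the remaining peers.
    suitable = [p for p in trusted if p.device_class in allowed_classes]
    if not suitable:
        return end(1516, 1518, "device class inappropriate")

    # Blocks 1520-1528: for every event, find rights and resources across the
    # first appliance and the qualifying peers acting together.
    pool = [first] + suitable        # the first appliance is preferred when it can serve
    for name, right, resource in events:
        rights_from = _holder(pool, "rights", right)
        resource_from = _holder(pool, "resources", resource)
        if rights_from is None or resource_from is None:
            res.plan.clear()         # do not perform only part of the overall action
            return end(1524, 1526, "insufficient rights/resources for " + name)
        res.plan[name] = (rights_from, resource_from)

    # Block 1530: user (or preference) selection among the alternatives.
    if not user_accepts:
        res.plan.clear()
        return end(1532, 1534, "selection declined or timed out")

    # Blocks 1536-1540: perform cooperatively, audit, end.
    res.performed = True
    return end(1538, 1540, "action performed by " + ", ".join(
        sorted({n for pair in res.plan.values() for n in pair})))


# Constructed sample appliances (labels and levels are illustrative only).
PLAYER = Appliance("player", 2, "dvd_appliance",
                   frozenset({"play"}), frozenset({"disk_read"}))
BROKER = Appliance("broker", 3, "rights_authority", frozenset({"extract"}))
NC = Appliance("nc", 1, "network_computer", frozenset(), frozenset({"transcode"}))
MIN_LEVEL = 2
ALLOWED = {"rights_authority", "network_computer"}

if __name__ == "__main__":
    # The player can read the disk but lacks the extraction right (paragraph [0362]).
    print(virtual_rights_process(PLAYER, [BROKER, NC],
                                 [("extract_clip", "extract", "disk_read")],
                                 MIN_LEVEL, ALLOWED))
```
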

[0364] An arrangement has been described which adequately satisfies current entertainment industry requirements for a low cost, mass-produceable digital video disk or other high capacity disc copy protection scheme but which also provides enhanced, extensible rights management capabilities for more advanced and/or secure platforms and for cooperative rights management between devices of lesser, greater, and/or differing rights resources. While the invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not to be limited to the disclosed embodiment, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the invention.

We claim:
 1. An electronic appliance including: a disk use arrangement for at least one of (a) reading information from, and (b) writing information to, a digital versatile disk optical storage medium; and a secure node coupled to the disk use arrangement, the secure node providing at least one rights management process.
 2. An electronic appliance including: a disk use arrangement for at least one of (a) reading information from, and (b) writing information to, a digital versatile disk optical storage medium; and at least one processing arrangement coupled to the disk use arrangement, the processing arrangement selecting at least some control information associated with information recorded on the storage medium based at least in part on the class of the appliance and/or the user of the appliance.
 3. A system as in claim 2 wherein the processing arrangement selects a subset of control information used on another appliance and/or class of appliance.
 4. A system as in claim 2 wherein the processing arrangement selects different control information from the information selected by another appliance and/or class of appliance.
 5. A system as in claim 2 wherein at least some of the control information comprises an analog signal.
 6. A system as in claim 2 wherein at least some of the control information comprises digitally encoded information.
 7. In an appliance capable of using digital versatile disks, a method including the following steps: at least one of (a) reading information from, and (b) writing information to, a digital versatile disk optical storage medium; and selecting at least some control information associated with information recorded on the storage medium based at least in part on the class of the appliance and/or the user of the appliance.
 8. A method as in claim 7 wherein the selecting step includes the step of selecting a subset of control information used on another appliance and/or class of appliance.
 9. A method as in claim 7 wherein the selecting step includes the step of selecting, from control information stored on the storage medium, a different set of control information than the control information selected by another appliance and/or class of appliance.
 10. An electronic appliance including: a disk use arrangement for reading information from a digital versatile disk optical storage medium; and at least one processing arrangement coupled to the disk use arrangement, the processing arrangement protecting information read from the storage medium.
 11. An appliance as in claim 10 wherein the processing arrangement includes a rights management arrangement that applies at least one rights management technique to the read information.
 12. An appliance as in claim 10 wherein the appliance further includes at least one port compliant at least in part with the IEEE 1394-1995 high speed serial bus standard, and the processing arrangement couples the protected information to the port.
 13. In an electronic appliance, a method including the following steps: reading information from a digital versatile disk optical storage medium; and protecting the information read from the optical storage medium.
 14. A method as in claim 13 wherein the protecting step includes the step of applying at least one rights management technique to the read information.
 15. A method as in claim 13 further including the step of sending the protected information to an IEEE 1394 port.
 16. An electronic appliance including: a disk use arrangement for using information stored, or to be stored, on a digital versatile disk optical storage medium; and at least one protecting arrangement coupled to the disk use arrangement and also coupled to receive at least one analog signal, the protecting arrangement creating protected digital information based at least in part on the analog signal.
 17. In an electronic appliance, a method including the following steps: receiving at least one analog signal; and creating protected digital content based at least in part on the analog signal for storage on a digital versatile disk.
 18. In an electronic appliance, a method including the following steps: reading at least one analog signal from a digital versatile disk; creating protected digital content based at least in part on the analog signal; and outputting the protected digital content.
 19. An electronic appliance including: a disk use arrangement for using information stored, or to be stored, on a digital versatile disk optical storage medium; and at least one rights management arrangement coupled to the disk use arrangement, the rights management arrangement treating the storage medium and/or information obtained from the storage medium differently depending on the geographical and/or jurisdictional context of the appliance.
 20. In an electronic appliance, a method including the steps of: reading information from at least one digital versatile disk; and performing at least one rights management operation based at least in part on the geographical and/or jurisdictional context of the appliance.
 21. An electronic appliance including: a disk use arrangement for using at least one secure container stored on a digital versatile disk optical storage medium; and at least one rights management arrangement coupled to the disk use arrangement, the rights management arrangement processing the secure container.
 22. In an electronic appliance, a method including the following steps: reading at least one secure container from at least one digital versatile disk; and performing at least one rights management operation on the secure container.
 23. An electronic appliance including: at least one rights management arrangement for generating and/or modifying at least one secure container for storage onto a digital versatile disk optical storage medium.
 24. In an electronic appliance, a method including the step of performing at least one rights management operation on at least one secure container for storage onto a digital versatile disk optical storage medium.
 25. A digital versatile disk use system and/or method characterized in that the system and/or method uses at least one secure container.
 26. A digital versatile disk use system and/or method characterized in that the system and/or method uses at least one secure container of the type disclosed in PCT Publication No. WO 96/27155.
 27. An electronic appliance including: a disk use arrangement for writing information onto and/or reading information from a digital versatile disk optical storage medium; and a secure arrangement that securely manages information on the storage medium such that at least a first portion of the information may be used on at least a first class of appliance while at least a second portion of the information may be used on at least a second class of appliance.
 28. In an electronic appliance, a method including the following steps: reading information from and/or writing information to at least one digital versatile disk optical storage medium; using at least a first portion of the information on at least a first class of appliance; and using at least a second portion of the information on at least a second class of appliance.
 29. A system including first and second classes of electronic appliances each including a secure processing arrangement, the first appliance class secure arrangement securely managing and/or using at least a first portion of the information, the second appliance class secure arrangement securely managing and/or using at least a second portion of the information.
 30. A system as in claim 29 wherein the first and second information portions are different, and the second appliance class secure arrangement does not use the first information portion.
 31. A system as in claim 29 wherein the first appliance class does not use the second information portion.
 32. In a system including first and second classes of electronic appliances each including a secure arrangement, a method comprising: (a) securely managing and/or using at least a first portion of the information with the first appliance class secure arrangement, and (b) securely managing and/or using at least a second portion of the information with the second appliance class secure arrangement.
 33. A method as in claim 32 wherein the first and second information portions are different, and step (b) does not use the first information portion.
 34. A method as in claim 32 wherein step (a) does not use the second information portion.
 35. An electronic appliance including: a disk use arrangement for writing information onto and/or reading information from a digital versatile disk optical storage medium; and a secure arrangement that securely stores and/or transmits information associated with at least one of payment, auditing, controlling and/or otherwise managing content recorded on the storage medium.
 36. In an electronic appliance, a method including the following steps: reading information from and/or writing information to at least one digital versatile disk optical storage medium; and securely storing and/or transmitting information associated with at least one of payment, auditing, controlling and/or otherwise managing content recorded on the storage medium.
 37. An electronic appliance including: a disk use arrangement for writing information onto and/or reading information from a digital versatile disk optical storage medium; a cryptographic engine coupled to the disk use arrangement, the engine using at least one cryptographic key; and a secure arrangement that securely updates and/or replaces at least one cryptographic key used by the cryptographic engine to at least in part modify the scope of information usable by the appliance.
 38. A method of operating an electronic appliance including: writing information onto and/or reading information from a digital versatile disk optical storage medium; using at least one cryptographic key in conjunction with said information; and securely updating and/or replacing at least one cryptographic key used by the cryptographic engine to at least in part modify the scope of information useable by the appliance.
 39. A digital versatile disk appliance characterized in that at least one cryptographic key used by the appliance is securely updated and/or replaced to at least in part modify the scope of information that can be used by the appliance.
 40. An appliance as in claim 39 further characterized in that the key updating and/or replacing is based on class of appliance.
 41. An electronic appliance having a class associated therewith, characterized in that at least one cryptographic key set used by the appliance class is selected to help ensure security of information released from at least one digital versatile disk.
 42. A digital camera for generating at least one image to be written onto a digital versatile disk optical storage medium, characterized in that the camera includes at least one information protecting arrangement that at least in part protects the image so that the information is persistently protected through subsequent processes such as editing, production, writing onto a digital versatile disk, and/or reading from a digital versatile disk.
 43. A digital camera for generating image information that can be written onto a digital versatile disk optical storage medium, a method comprising: capturing at least one image with a digital camera; and protecting information provided by the digital camera so that the information is selectively persistently protected through subsequent processes such as distribution, editing and/or production, writing onto the digital versatile disk optical storage medium, and/or reading from the digital versatile disk optical storage medium.
 44. In an electronic appliance including a disk use arrangement, a method comprising: reading information from at least one digital versatile disk optical storage medium; and persistently protecting at least some of the read information through at least one subsequent editing and/or production process.
 45. In an electronic appliance, a method including the following steps: reading information from and/or writing information to at least one digital versatile disk optical storage medium; and securely managing information on the storage medium, including the step of using at least a first portion of the information on at least a first class of appliance, and using at least a second portion of the information on at least a second class of appliance.
 46. A method of providing copy protection and/or use rights management of at least one digital property content and/or secure container to be stored and/or distributed on a digital versatile disk medium, comprising the step(s) of: providing a set of use control(s) within a cryptographically encapsulated data structure having a predetermined format, the data structure format defining at least one secure software container for providing use rights information for digital property content to be stored on the digital versatile disk medium.
 47. A method as in claim 46 further including the step of using at least one digital property content stored on an optical disk in accordance with the use controls, including the step of using a prescribed secure cryptographic key or set of cryptographic keys for using rights information.
 48. A method as in claim 46 further including the step of decrypting control rules and/or other selected encrypted information content encapsulated in the software container using at least one set of cryptographic keys.
 49. A method as in claim 46 further including the step of applying decrypted control rules to regulate use in accordance with control information contained within said control rules, so as to facilitate management of a diverse set of use and distribution rights which may be specific to different users and/or optical disk appliances.
 50. A method of providing rights management of digital property stored on digital versatile disk according to claim 46 wherein said secure container data structure comprises: one or more content objects comprising digital property content; and one or more control objects comprising a set of control rules defining copy protection, use and distribution rights to digital property content stored on the optical disk.
 51. A method of providing rights management of digital property stored on a digital versatile disk according to claim 46, wherein a content object further comprises one or more reference pointers to digital property content stored elsewhere on the digital versatile disk.
 52. A method of providing rights management of digital property stored on a digital versatile disk according to claim 46, wherein a control object further comprises one or more reference pointers to control information stored elsewhere on the digital versatile disk.
 53. A method of providing rights management of digital property stored on digital versatile disk according to claim 46, wherein digital information stored on said optical disk includes one or more metadata blocks comprising further information used in conjunction with the control rules to use digital property content stored elsewhere on the optical disk.
 54. A method of providing rights management of digital property stored on digital versatile disk according to claim 46, wherein a metablock may be either of a protected type or of an unprotected type.
 55. An arrangement for implementing a rights management system for controlling copy protection, use and/or distribution rights to multi-media digital property content stored or otherwise contained on a digital versatile disk, comprising: an encrypted data structure defining a secure information container stored on an optical disk medium, the encrypted data structure including and/or referencing at least one content object and at least one control object associated with the content object, said content object comprising digital property content and said control object comprising rules defining use rights to the digital property content.
 56. An arrangement for implementing a rights management system for digital versatile disks according to claim 55, wherein a content object further comprises one or more reference pointers to digital property content stored elsewhere on the digital versatile disk.
 57. An arrangement for implementing a rights management system for digital versatile disks according to claim 55, wherein a control object further comprises one or more reference pointers to control information stored elsewhere on the digital versatile disk.
 58. An arrangement for implementing a rights management system for digital versatile disks according to claim 55, wherein a control object further comprises information for controlling various operations of an optical disk appliance or computer.
 59. An arrangement for implementing a rights management system for digital versatile disks according to claim 55, wherein a control object further comprises information for controlling various operations of an optical disk appliance or computer.
 60. An arrangement for implementing a rights management system for digital versatile disks according to claim 55, wherein a control object further comprises a rule specifying decoding and/or enforcement of CGMA encoded copy protection rules associated with the digital content property.
 61. An arrangement for implementing a rights management system for digital versatile disks according to claim 55, wherein a control object further comprises a rule specifying at least one content scrambling system compatible encoding/decoding of digital property content.
 62. An arrangement for implementing a rights management system for digital versatile disks according to claim 55, wherein said optical disk contains a block of stored information comprising encrypted keys used for decryption of said encrypted data structure.
 63. An arrangement for implementing a rights management system for digital versatile disks according to claim 55, wherein said optical disk contains a block of stored information comprising hidden keys used for decryption of said encrypted keys.
 64. An arrangement for implementing a rights management system for digital versatile disks according to claim 55, wherein a content object further comprises one or more reference pointers to digital property content stored on a separate storage medium.
 65. A rights management system for providing copy protection, use and/or distribution rights management for multimedia digital property content stored or otherwise contained on a digital versatile disk for access by an optical disk player device that uses digital property content stored on said optical disk medium, wherein said appliance includes a microprocessor controller for decrypting and using control rules and other selected encrypted information content encapsulated in the secure container by using a prescribed cryptographic key and applying said decrypted control rules to regulate use in accordance with control information contained within said control rules, so as to facilitate management of a diverse set of use and/or distribution rights which may be specific to different users and/or optical disk appliances, the system including: an optical disk medium having stored thereon an encrypted data structure defining a secure information container, the encrypted data structure comprising and/or referencing at least one content object and at least one control object, said content object comprising digital property content, said control object comprising rules defining use rights associated with the digital property.
 66. A method for providing copy protection, use and distribution rights management of multi-media digital property stored on and/or distributed via digital versatile disk, said optical disk medium having stored thereon an encrypted data structure defining a secure container for housing rights and/or copy protection information pertaining to digital property content stored on the optical disk, wherein an optical disk player appliance for using digital property content stored on an optical disk must utilize a prescribed secure cryptographic key or set of keys to use the secure container, said data structure comprising one or more content objects comprising digital property content and one or more control objects comprising a set of rules defining use rights to digital property, comprising the steps of: (a) decrypting control rules and other selected encrypted information content encapsulated in the secure container using one or more cryptographic keys; and (b) applying decrypted control rules to regulate use and/or distribution of digital property content stored on the optical disk in accordance with control information contained within the control rules, so as to provide customized use and/or distribution rights that are specific to different optical disk user platforms and/or optical disk appliances.
 67. A rights management system for providing copy protection, use and/or distribution rights management of digital property stored or otherwise contained on a digital versatile disk, comprising: a secure container means provided on an optical disk medium for cryptographically encapsulating digital property content stored on the optical disk, said container means comprising a content object means for containing digital property content and a control object means for containing control rules for regulating use and/or distribution of said digital property content stored on the optical disk.
 68. The rights management system of claim 67 wherein an optical disk player appliance for using information stored on an optical disk comprises a secure node means for using said secure container means provided on an optical disk and implementing said control rules to control operation of said player appliance to regulate use of said digital property content.
 69. In a system including plural electronic appliances at least temporarily connected to one another, a rights authority broker that determines what appliances are connected and specifies at least one rights management context depending on said determination.
 70. An electronic appliance at least temporarily connected to a rights authority broker, the electronic appliance receiving at least one rights context from the rights authority broker when the device is connected to the rights authority broker.
 71. A first electronic appliance at least temporarily connected to a second electronic appliance, the first electronic appliance selecting between at least first and second rights management contexts depending at least in part on whether the first appliance is connected to the second electronic appliance.
 72. In a system including first and second electronic appliances that may be selectively coupled to communicate with one another, an arrangement for defining at least one different rights management control based at least in part on whether the first and second electronic appliances are connected.
 73. A method of defining at least one rights management context comprising: (a) determining whether a first electronic appliance is present; and (b) defining at least one rights management control set based at least in part on the determining step (a).
 74. A method of defining at least one rights management context including: (a) coupling an optical disk storing information to an electronic appliance that can be selectively connected to a rights management broker; (b) determining whether the electronic appliance is currently coupled to a rights management broker; and (c) conditioning at least one aspect of use of at least some of the information stored on the optical disk based on whether the electronic appliance is coupled to the rights management broker.
 75. A method as in claim 74 wherein step (c) includes the step of obtaining at least one rights management context from the rights management broker.
 76. A method as in claim 74 wherein step (c) includes the step of obtaining at least one combined control set from the rights management broker.
 77. A method of defining at least one rights management context including: (a) coupling an optical disk storing information to an electronic appliance; (b) using at least some of the information stored on the optical disk based on a first rights management context; (c) coupling the electronic appliance to a rights management broker; and (d) concurrently with step (c), using at least some of the information stored on the optical disk based on a second rights management context different from the first rights management context.
 78. An electronic appliance including a secure node and an optical disk reader, the electronic appliance applying different rights management contexts to protected information stored on an optical disk coupled to the optical disk reader depending at least in part on whether the electronic appliance is coupled to at least one additional secure node.
 79. An electronic appliance including: an optical disk reading and/or writing arrangement; a secure node coupled to the optical disk reading and/or writing arrangement, the secure node performing at least one rights management related function with respect to at least some information read by the optical disk reading and/or writing arrangement; and at least one serial bus port coupled to the secure node, the serial bus port for providing any or all of the functions, structures, protocols and/or methods of IEEE 1394-1995.
 80. A digital versatile disk appliance including: means for watermarking content; and serial bus means for communicating the watermarked content, wherein the serial bus means complies with IEEE 1394-1995.
 81. An optical disk reading and/or writing device including: at least one secure node capable of watermarking content and/or processing watermarked content; and an IEEE 1394-1995 serial bus port.
 82. An optical disk using device comprising: a secure processing unit; and an IEEE 1394-1995 serial bus port.
 83. A device as in claim 82 wherein the secure processing unit includes a channel manager.
 84. A device as in claim 82 wherein the secure processing unit executes a rights operating system in whole or in part.
 85. A device as in claim 82 wherein the secure processing unit includes a tamper-resistant barrier.
 86. A device as in claim 82 wherein the secure processing unit includes an encryption/decryption engine.
 87. A rights cooperation method comprising: (a) connecting an appliance to at least one further appliance; (b) determining whether the first and/or further appliance and/or user(s) of said first and/or further appliance have appropriate rights and/or resources for performing an action; and (c) selectively performing the action based at least in part on the determination.
 88. A rights cooperation method comprising: (a) connecting an appliance to at least one further appliance; (b) determining whether the first and/or further appliance and/or user(s) of said first and/or further appliance have appropriate security for performing an action; and (c) cooperating between the first and further appliance to selectively perform the action.
 89. A cooperative rights management arrangement comprising: a communications arrangement that allows at least first and second appliances to communicate; and an arrangement that processes at least one event based at least in part on assessing and/or pooling rights and/or resources between the first and second appliances.
 90. An optical disk using system and/or method including at least some of the elements shown in FIG. 1A.
 91. An optical disk using system and/or method including at least some of the elements shown in FIG. 1B.
 92. An optical disk using system and/or method including at least some of the elements shown in FIG. 1C.
 93. An optical disk using system and/or method including at least some of the elements shown in FIG. 2A.
 94. An optical disk using system and/or method including at least some of the elements shown in FIG. 2B.
 95. An optical disk using system and/or method including at least some of the elements shown in FIG. 3.
 96. An optical disk using system and/or method using at least some of the elements shown in FIG. 3A.
 97. An optical disk using system and/or method using at least some of the control set elements shown in FIG. 3B.
 98. An optical disk using system and/or method using at least some of the elements shown in FIG. 4A.
 99. An optical disk using system and/or method using at least some of the elements shown in FIG. 4B.
 100. An optical disk using system and/or method using at least some of the elements shown in FIG. 5.
 101. An optical disk using system and/or method using at least some of the elements shown in FIG. 6.
 102. An optical disk using system and/or method using at least some of the elements shown in FIG. 7.
 103. An optical disk using system and/or method using at least some of the elements shown in FIG. 8.
 104. An optical disk using system and/or method using at least some of the elements shown in FIG. 9.
 105. An optical disk using system and/or method using at least some of the elements shown in FIG. 10.
 106. An optical disk using system and/or method using at least some of the elements shown in FIG. 11.
 107. An optical disk using system and/or method including at least some of the elements shown in FIG. 12.
 108. An optical disk using system and/or method including at least some of the elements shown in FIG. 13.
 109. An optical disk using system and/or method including at least some of the elements shown in FIG. 14.
 110. A system and/or method including some or all of the elements shown in FIGS. 15A-15C.
 111. A system and/or method as in any one of the preceding claims, further including, in combination, any element described in any one of the following prior patent specifications: PCT Publication No. WO 96/27155; European Patent No. EP 329681; PCT Application No. PCT/US96/14262; U.S. patent application Ser. No. 08/689,606; and/or U.S. patent application Ser. No. 08/689,754.
 112. A system or process as in any of the preceding claims wherein the phrase “high capacity optical disk” is substituted for “digital versatile disk.”
 113. A method of clearing or otherwise processing information resulting at least in part from one or more digital versatile disk appliances and/or methods as defined in any of the preceding claims.
 114. A system and/or method for defining rules for use in one or more digital versatile disk appliances and/or methods as defined in any of the preceding claims.
 115. A system and/or method for defining rules and associated content for use in one or more digital versatile disk appliances and/or methods as defined in any of the preceding claims.
 116. A system and/or method for producing an optical disk for use with one or more digital versatile disk appliances and/or methods as defined in any of the preceding claims.
 117. A system and/or method for clearing audit information from one or more appliances and/or methods as defined in any of the preceding claims.
 118. In a network including at least one electronic appliance that reads information from and/or writes information to at least one digital versatile disk optical storage medium, and securely communicates information associated with at least one of payment, auditing, usage, access, controlling and/or otherwise managing content recorded on the storage medium, a method of processing said communicated information including the step of generating at least one payment request and/or order based at least in part on the information.
 119. A method of defining at least one control set for storage on a high capacity optical disk that can store images, audio, text and/or other information, the high capacity optical disk for use by any of plural different electronic appliance types, the method including the step of specifying at least one control that provides different conditions and/or consequences depending upon at least one of the following: electronic appliance class; electronic appliance security; electronic appliance user class; electronic appliance connectivity; electronic appliance resources; electronic appliance access to resources; and rights management cooperation between plural electronic appliances.